Inicio » Foro » Debate y ayuda para usuarios de habla inglesa
Enviado por Xorux el Sáb, 03/09/2019 - 11:11.

Has apt security issue been resolved in the latest iso image?

2 respuestas [Último envío]
Sáb, 03/09/2019 - 11:11
Xorux
Xorux
Desconectado/a
se unió: 12/14/2017

Hello all! Is downloading the Trisquel 8.0 LTS Flidas 2.5GB Live DVD iso image relatively safe from the DSA-437 apt bug now?
In other words, if we were to do a new installation of Trisquel, and then run the "#sudo apt-get update && sudo apt-get upgrade" commands after installing Trisquel to the HDD, would that be safe from the DSA-4371 bug?

I have heard that apt got fixed for Debian. Source: https://www.debian.org/News/2019/20190123
I hope the iso image of Trisquel's apt is fixed, or will be fixed soon as well.

Thank you in advance! :D

Superior
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sáb, 03/09/2019 - 20:13
#1
SuperTramp83
SuperTramp83

I am a translator!

Desconectado/a
se unió: 10/31/2014

Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

Superior
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mié, 07/17/2019 - 04:03
#2
Liberated
Liberated
Desconectado/a
se unió: 03/22/2019

Would exploitation still be possible if this was done after Trisquel was fully installed but the option "Download updates while installing Trisquel" was enabled during the installation process?

Superior
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines