Accueil » Forum » Trisquel users
Soumis par Xorux le sam, 03/09/2019 - 11:11

Has apt security issue been resolved in the latest iso image?

2 réponses [Dernière contribution]
sam, 03/09/2019 - 11:11
Xorux
Xorux
Hors ligne
A rejoint: 12/14/2017

Hello all! Is downloading the Trisquel 8.0 LTS Flidas 2.5GB Live DVD iso image relatively safe from the DSA-437 apt bug now?
In other words, if we were to do a new installation of Trisquel, and then run the "#sudo apt-get update && sudo apt-get upgrade" commands after installing Trisquel to the HDD, would that be safe from the DSA-4371 bug?

I have heard that apt got fixed for Debian. Source: https://www.debian.org/News/2019/20190123
I hope the iso image of Trisquel's apt is fixed, or will be fixed soon as well.

Thank you in advance! :D

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
sam, 03/09/2019 - 20:13
#1
SuperTramp83
SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
mer, 07/17/2019 - 04:03
#2
Liberated
Liberated
Hors ligne
A rejoint: 03/22/2019

Would exploitation still be possible if this was done after Trisquel was fully installed but the option "Download updates while installing Trisquel" was enabled during the installation process?

Haut
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines