
SoylentNews is people

posted by LaminatorX on Friday September 19 2014, @08:48AM   Printer-friendly
from the apt-to-fail dept.

"We recommend that you upgrade your apt packages." with apt of course... (via https://twitter.com/ioerror)

https://www.debian.org/security/2014/dsa-3025

"It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490)."

 
  • (Score: 1, Insightful) by Anonymous Coward on Friday September 19 2014, @05:01PM (#95561)

    But what if debsums has been hijacked too?

    So if you really want to know whether your system has been hijacked with malicious binaries, what you have to do is mount your drive on a known safe computer then do the checks using clean stuff.
  • (Score: 2) by cosurgi (272) on Monday September 22 2014, @09:44AM (#96672)

    Right, you would need to reinstall debsums first from a clean source. Or, as you say, go to another safe computer.

    --
    #
    #\ @ ? [adom.de] Colonize Mars [kozicki.pl]
    #
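
The offline check discussed in the comments above, as an added example that is not part of the original thread: a shell function, run on the known-safe machine, that compares files under the mounted suspect root against a manifest in dpkg's md5sums layout. The function name, the mount point and the trusted manifest (for example one built from freshly downloaded, signature-verified packages) are assumptions.

```shell
#!/bin/sh
# Added example: offline integrity check of a suspect Debian root filesystem.
# Run on the known-safe machine with the suspect disk mounted read-only, e.g.
#   mount -o ro,noexec,nodev,nosuid /dev/SUSPECT_PARTITION /mnt/suspect
# (SUSPECT_PARTITION is a placeholder.) The manifest uses the dpkg md5sums
# layout ("<md5>  <path relative to />") and must come from a trusted source,
# never from the suspect disk itself.

# verify_offline ROOT MANIFEST   (hypothetical helper name)
# Prints one line per problem; returns 0 if every file matches, 1 otherwise.
verify_offline() {
    root=$1
    manifest=$2
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        file="$root/$path"
        if [ -L "$file" ]; then
            # An absolute symlink would resolve against the clean host's own
            # root and hash the wrong file, so links are reported, not followed.
            echo "SYMLINK $path"; bad=1
        elif [ ! -f "$file" ]; then
            echo "MISSING $path"; bad=1
        else
            # md5sum here is the clean host's binary, not the suspect one.
            got=$(md5sum < "$file" | cut -d' ' -f1)
            if [ "$got" != "$want" ]; then
                echo "CHANGED $path"; bad=1
            fi
        fi
    done < "$manifest"
    return "$bad"
}
```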