Re: APT vulnerability [DSA 4371-1]
On 22.01.2019 16:59, Vladislav Kurz wrote:
Hello everybody,
is this vulnerability affecting also apt-get ?
Yes, the vulnerability is in http backend, which is used by apt-get.
If yes, will there be another DSA soon?
No, because apt-get tool is in the package apt.
I'm also encountering many errors when using
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
As written in announcement: This is known to break some proxies when
used against security.debian.org.
However I do not use proxy at all. I have problems with jessie/updates,
cdn.debian.net, and http.debian.net
Try these URLs: http://cdn-fastly.deb.debian.org/debian, http://cdn-fastly.deb.debian.org/debian-security. The domains cdn.debian.net and http.debian.net are deprecated, use deb.debian.org instead.
Err http://security.debian.org jessie/updates/main i386 Packages
302 Found [IP: 217.196.149.233 80]
Err http://security.debian.org jessie/updates/contrib i386 Packages
302 Found [IP: 217.196.149.233 80]
Err http://security.debian.org jessie/updates/non-free i386 Packages
302 Found [IP: 217.196.149.233 80]
Fetched 151 kB in 9s (16.2 kB/s)
Err:14 http://cdn.debian.net/debian stretch Release
302 Found [IP: 2001:4f8:1:c::15 80]
Err:15 http://cdn.debian.net/debian stretch-updates Release
302 Found [IP: 2001:4f8:1:c::15 80]
Err:16 http://cdn.debian.net/debian stretch-backports Release
302 Found [IP: 2001:4f8:1:c::15 80]
Err:7 http://http.debian.net/debian stretch Release
302 Found [IP: 2001:67c:2564:a119::148:14 80]
Err:8 http://http.debian.net/debian stretch-updates Release
302 Found [IP: 2001:67c:2564:a119::148:14 80]
Err:9 http://http.debian.net/debian stretch-backports Release
302 Found [IP: 2001:67c:2564:a119::148:14 80]
Reply to: