[PVE-User] APT CVE-2019-3462 (please read before upgrading!)

Fabian Gr├╝nbichler f.gruenbichler at proxmox.com
Wed Jan 23 10:27:36 CET 2019


The APT package manager used by Proxmox VE and Proxmox Mail Gateway was
recently discovered to be affected by CVE-2019-3462, allowing a
Man-In-The-Middle or malicious mirror server to execute arbitrary code
with root privileges when affected systems attempt to install upgrades.

To securely upgrade your systems, run the following commands as root:

# apt -o Acquire::http::AllowRedirect=false update
# apt -o Acquire::http::AllowRedirect=false full-upgrade

and verify that apt is now at least version 1.4.9 on Debian Stretch:

$ apt -v
apt 1.4.9 (amd64)

Please see the Debian Security Advisory for details:
https://www.debian.org/security/2019/dsa-4371



More information about the pve-user mailing list