Jump to: navigation, search

Template:CVE-2016-1252


If you apt version is 1.0.9.8.3 or lower, you should upgrade using the following method. If you are already using apt version 1.0.9.8.4 or higher, you can just do a regular upgrade.

To find our your current apt version.

dpkg-query --show apt

Should show something like this.

apt 1.0.9.8.3

Create a temporary folder.

mkdir ~/temp-apt-bug

Change directory into the temporary folder.

cd ~/temp-apt-bug

Update your package lists.

sudo apt-get update

Download apt.

apt-get download apt apt-transport-https apt-utils libapt-inst1.5 libapt-pkg4.12

You should see something like this.

{{{download_line}}}

It is important that the version number is 1.0.9.8.4 or higher. (However, a higher version number will result in the following checksum comparison to fail. Then we need to update this page.)

Find out the sha256 checksum of the apt package you just downloaded.

sha256sum *.deb

Should show.

{{{sha256sum}}}

That checksums are matching

but it could therefore only be verified using https, not gpg.

Install the manually verified packages.

sudo dpkg -i *.deb

After that you should proceed with a system upgrade as usual.

If you wish you can delete the temporary folder ~/temp-apt-bug.

forum discussion: