The vulnerability in the "apt" package manager allows a remote attacker in a man-in-the-middle position (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug was introduced in apt starting with version 0.8.15, and independent security consultant Max Justicz discovered this critical issue.

Canonical has released patched versions of APT for Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 ESM (Precise Pangolin). The Debian Project, for its part, released patched APT packages for the Debian GNU/Linux 9 "Stretch" series.

How to fix?

Since the vulnerability is in the package manager itself, it is recommended to disable redirects, for this upgrade only, to prevent exploitation while upgrading, using: apt -o Acquire::http::AllowRedirect= f