A security researcher has discovered a new critical remote code execution flaw in the APT package manager. The vulnerability resides in the widely used utility that handles the installation, update and removal of software on Linux. APT doesn't properly sanitize certain parameters during HTTP redirects, allowing man-in-the-middle attackers to inject malicious content and trick the system into installing altered packages. The APT developers have released updated version 1.4.9 to fix the reported vulnerability. Linux users are strongly advised to update their systems as soon as possible.
Source: https://thehackernews.com/2019/01/linux-apt-http-hacking.html