The APT package manager used by Proxmox VE and Proxmox Mail Gateway was recently discovered to be affected by CVE-2019-3462, allowing a Man-In-The-Middle or malicious mirror server to execute arbitrary code with root privileges when affected systems attempt to install upgrades.
To securely upgrade your systems, run the following commands as root: # apt -o Acquire::http::AllowRedirect=false update # apt -o Acquire::http::AllowRedirect=false full-upgrade and verify that apt is now at least version 1.4.9 on Debian Stretch: $ apt -v apt 1.4.9 (amd64) Please see the Debian Security Advisory for details: https://www.debian.org/security/2019/dsa-4371 _______________________________________________ pve-user mailing list pve-user@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user