Follow these instructions:
Operating System Software and Updates
Not required for Whonix 14.0.1.3.8 (currently testers-only version) or above.
1 Like
Sorry guys but Iâm a bit confused by this.
Before I saw this announcement, earlier today, I upgraded my qubes whonix templates.
Now I run dpkg -l | grep âcommandline package managerâ. and get reply: ii apt 1.4.9 amd64 commandline package manager.
Does this mean all is well? OR do I need to do something?
Naive question: how do we mere mortal end users check that our Whonix installs werenât already rooted by NSA using this apt vulnerability?
Means you probably made the upgrade without the special instructions and the system might have been compromised during the upgrade.
If you want have higher certainty youâd have to apply disaster recovery steps but we donât have that documented yet.
Document recovery procedure after compromise
You donât.
proposal for package manager update security on/off switch to be prepared for the next APT security vulnerablity:
https://groups.google.com/forum/#!msg/qubes-devel/030ikOTKsgo/aobQPdYXFgAJ
hello.
During this apt related instruction,is it ok to select N?
Configuration file â/etc/apt/sources.list.d/debian.listâ
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainerâs version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** debian.list (Y/I/N/O/D/Z) [default=N] ?
File provided by Whonix.
anon-apt-sources-list/debian.list at master ¡ Kicksecure/anon-apt-sources-list ¡ GitHub
Installation is safe. Installation will revert user modification of /etc/apt/sources.list.d/debian.list. These could be re-applied.
Related to:
See also: