special instructions required to securely update because of apt security update [DSA 4371-1]

Follow these instructions:
Operating System Software and Updates - Kicksecure

Not required for Whonix (currently testers-only version) or above.

Sorry guys but I’m a bit confused by this.
Before I saw this announcement, earlier today, I upgraded my Qubes Whonix templates.
Now I run dpkg -l | grep "commandline package manager" and get reply: ii apt 1.4.9 amd64 commandline package manager.
Does this mean all is well? OR do I need to do something?

Naive question: how do we mere mortal end users check that our Whonix installs weren’t already rooted by NSA using this apt vulnerability?

Means you probably made the upgrade without the special instructions and the system might have been compromised during the upgrade.

If you want to have higher certainty you’d have to apply disaster recovery steps but we don’t have that documented yet.

Document recovery procedure after compromise

You don’t.

Frequently Asked Questions - Whonix ™ FAQ

proposal for package manager update security on/off switch to be prepared for the next APT security vulnerability:

During this apt-related instruction, is it ok to select N?

Configuration file ‘/etc/apt/sources.list.d/debian.list’
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer’s version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** debian.list (Y/I/N/O/D/Z) [default=N] ?

File provided by Whonix.

anon-apt-sources-list/debian.list at master · Kicksecure/anon-apt-sources-list · GitHub

Installation is safe. Installation will revert user modification of /etc/apt/sources.list.d/debian.list. These could be re-applied.

