Y
Hacker News
new
|
ask
|
show
|
jobs
by
est31
2708 days ago
Weren't PGP signatures supposed to ensure integrity? How is this being bypassed?
1 comments
detaro
2708 days ago
The attack can inject fake hashes into the process, so it can pretend the file has the correct checksum:
https://justi.cz/security/2019/01/22/apt-rce.html
link
jwilk
2708 days ago
Discussed on HN:
https://news.ycombinator.com/item?id=18968370
link