A vulnerability was discovered in apt.
For full information on the vulnerability itself, please utilize the following resources:
https://justi.cz/security/2019/01/22/apt-rce.html
https://usn.ubuntu.com/3863-1/
https://lists.debian.org/debian-security-announce/2019/msg00010.html
We have made a change to our convenience images to always pull the latest version of apt to directly address this vulnerability. At the time of writing this the upstream images from which we base our convenience images have not yet pulled in the patched version of apt.
PR https://github.com/circleci/circleci-images/pull/328/files
Workflow https://circleci.com/workflow-run/e92ac122-6773-4492-b695-d49778731695
In addition to our convenience images we are pushing an update to our machine
executor to update apt
there, as well.
Thank you for your patience while we roll out the fixes across all our images and VMs.
EDIT: All our convenience images have finished publishing and our machine
executor will have the latest version of apt when your job begins. Thank you again for your patience while we deployed the patches.