Justicz: Remote Code Execution in apt/apt-get

Max Justicz describes a
vulnerability in apt-get and how to prevent it. 'I found a
vulnerability in apt that allows a network man-in-the-middle (or a
malicious package mirror) to execute arbitrary code as root on a machine
installing any package. The bug has been fixed in the latest versions of
apt. If you’re worried about being exploited during the update process, you
can protect yourself by disabling HTTP redirects while you update.'