Although there are instructions to do it here for Debian (Debian -- Security Information -- DSA-4371-1 apt), the mirror can't be used in Kali (at least on my system), and installing the Debian packages with dpkg -i breaks the system.
But the problem here is that running apt update && apt upgrade with the vulnerable version is susceptible to an injection attack. That is what I'm asking: how to avoid that injection attack.
Changing http to https makes the update simply fail on my system.
I'm not an expert in the dependencies and workings of apt, especially in the context of the exploit (what exactly is required to exploit it?). I'm sure others who didn't study this exploit in detail would be wondering the same thing: is it sufficient to download and manually install Debian -- Package Download Selection -- apt_1.8.2.3_amd64.deb?
It seems that these packages would be upgraded if I had just let it go about its business insecurely:
Do I need to download and install each of these manually? Or is apt by itself enough to allow safely returning to the regular apt update && apt upgrade?
I guess most people that encounter this, including myself, will simply end up getting frustrated and not caring.
to avoid redirecting, and then upgrade your apt package. HTTPS only works when apt-transport-https is installed, which it is not by default.
After the apt upgrade you could install it and enable/add HTTPS repositories.
But it depends on your mirrors, whether they redirect by default or not. So this workaround might be pointless.
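One defensive way to carry out the redirect-free apt upgrade the reply describes and then confirm the installed version, written here as an added example rather than the poster's or Kali's own commands. It assumes apt's Acquire::http::AllowRedirect option and, as an adjustable placeholder, stretch's fixed version 1.4.9 from DSA-4371-1.

```shell
#!/bin/sh
# Added example, not from this thread: upgrade apt itself while refusing HTTP
# redirects (the path DSA-4371-1 describes), then verify what got installed.
set -eu

# Assumption: stretch's fixed version per DSA-4371-1; adjust for your release.
FIXED_VERSION="${FIXED_VERSION:-1.4.9}"

# Refresh indexes and upgrade only the apt package, with redirects disabled so
# a redirecting mirror or on-path party cannot steer the download elsewhere.
safe_apt_upgrade() {
    apt-get -o Acquire::http::AllowRedirect=false update
    apt-get -o Acquire::http::AllowRedirect=false install --only-upgrade apt
}

# version_at_least INSTALLED FIXED -> true if INSTALLED >= FIXED.
# Uses dpkg's own comparison when available (handles epochs and '~'),
# otherwise falls back to sort -V, which is adequate for plain x.y.z strings.
version_at_least() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Report whether the installed apt is at or above the fixed version.
check_installed_apt() {
    installed=$(dpkg-query -W -f='${Version}' apt)
    if version_at_least "$installed" "$FIXED_VERSION"; then
        echo "apt $installed is at or above $FIXED_VERSION: fixed"
    else
        echo "apt $installed is below $FIXED_VERSION: still vulnerable" >&2
        return 1
    fi
}

# Only act when explicitly asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    safe_apt_upgrade
    check_installed_apt
fi
```

Run it as root with --run; only after check_installed_apt reports a fixed version is it safe to install apt-transport-https and switch the sources to HTTPS.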