Vulnerability in APT package manager

Jan. 23, 2019

A vulnerability was discovered in apt that allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt. If you’re worried about being exploited during the update process, you can protect yourself by manually installing the update or by disabling HTTP redirects while you update. To disable redirects for the update, run:

$ sudo apt -o Acquire::http::AllowRedirect=false update
$ sudo apt -o Acquire::http::AllowRedirect=false upgrade