
RE: Linux Users in Danger - Secure your PC Immediately

in #security · 8 years ago

There is no evidence apt itself has been compromised and a simple check of the file hash would tell you if it had.

You can't get MITM (which is the only way this attack vector actually works) if you're downloading via https from official repos, which is what 99.99% of users are doing. Even the PPA repos are served over https. The repos are doing their own signature checking prior to allowing the package maintainer to upload a package.

This is literally a question of "does the file hash match the published hash?".

If yes, then there is nothing to worry about. If no, then where did you obtain your copy of apt from? Either way, an apt update (as per the CVE) will fix this.

This isn't gentoo or Arch. You don't rebuild apt from a trusted source, you download it from your distro maintainer. Apt isn't what's compromised here, it's just that some of the packages apt can install could be handled incorrectly if their signature validation check failed.

Your advice is very, very bad. It's ignorant and borders on dangerous. I just thank God no PHBs are reading Steemit for IT advice.

This is a bug in apt, which is just a program. An important program, but still it's just part of user space. You're asking people to revert the entire OS including the kernel to a state where the apt bug would still be present, but they would have rolled back any and all updates since the last distro release was cut.

Following this advice would leave their system vulnerable until such time as the system had finished updating. When the system updated it would be doing the exact same thing I just recommended.

There is no example of this being exploited in the wild. No packages are missing signatures, nor do any known packages have bad signatures.

Just apt update and be done with it.
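The comment above reduces the whole question to "does the file hash match the published hash?". The following is an added example, not code from the thread and not apt's own code, showing what that check looks like for one .deb: read the SHA256 that the repository's Packages index publishes for the package and compare it with the hash of the local file. It assumes `sha256sum` (or `shasum`) is installed, that the index is an uncompressed Packages file such as the `*_Packages` files apt keeps under `/var/lib/apt/lists/`, and that the package is identified by the exact `Filename:` value of its stanza; the demo data at the bottom is constructed here, not taken from any real repository.

```shell
#!/bin/sh
# Added example, not code from the thread or from apt itself: answer the
# "does the file hash match the published hash?" question for one .deb by
# comparing its SHA256 with the value the repository's Packages index publishes.
# Assumptions: sha256sum (or shasum) is installed; the index is an uncompressed
# Packages file (like the *_Packages files apt keeps under /var/lib/apt/lists/);
# the package is identified by the exact Filename: value in its stanza.

# Print the SHA256 published for the first stanza whose Filename: equals $2.
# Stanzas in a Packages file are separated by blank lines. Prints nothing
# when no stanza matches, so callers can treat an empty result as "unknown".
packages_sha256() {
    awk -v want="$2" '
        function flush() {
            if (!found && fn == want && sha != "") { print sha; found = 1 }
            fn = ""; sha = ""
        }
        /^$/          { flush(); next }
        /^Filename: / { fn = $2 }
        /^SHA256: /   { sha = $2 }
        END           { flush() }
    ' "$1"
}

# SHA256 of a local file as lowercase hex, using whichever tool is available.
local_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_deb INDEX DEB FILENAME
# Returns 0 on match, 1 on mismatch, 2 when the index publishes no hash
# for FILENAME (an unknown package is not a verified package).
verify_deb() {
    index="$1"; deb="$2"; name="$3"
    published=$(packages_sha256 "$index" "$name")
    if [ -z "$published" ]; then
        echo "UNKNOWN: $index publishes no SHA256 for $name" >&2
        return 2
    fi
    actual=$(local_sha256 "$deb")
    if [ "$published" = "$actual" ]; then
        echo "OK: $deb matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: $deb" >&2
    echo "  published: $published" >&2
    echo "  actual:    $actual" >&2
    return 1
}

# Self-contained demo on constructed data: a stand-in .deb, an index stanza
# that publishes its real hash, then the same file after tampering.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed stand-in for a .deb archive\n' > "$tmp/demo_1.0_amd64.deb"
    good=$(local_sha256 "$tmp/demo_1.0_amd64.deb")
    printf 'Package: demo\nVersion: 1.0\nFilename: pool/main/d/demo/demo_1.0_amd64.deb\nSHA256: %s\n\n' "$good" > "$tmp/Packages"
    printf 'Package: other\nVersion: 2.0\nFilename: pool/main/o/other/other_2.0_amd64.deb\nSHA256: 0000000000000000000000000000000000000000000000000000000000000000\n' >> "$tmp/Packages"

    verify_deb "$tmp/Packages" "$tmp/demo_1.0_amd64.deb" pool/main/d/demo/demo_1.0_amd64.deb || true
    printf 'one appended line changes the whole digest\n' >> "$tmp/demo_1.0_amd64.deb"
    verify_deb "$tmp/Packages" "$tmp/demo_1.0_amd64.deb" pool/main/d/demo/demo_1.0_amd64.deb || true
    rm -rf "$tmp"
}

demo
```

The Packages index is only trustworthy because the repository's signed Release/InRelease file covers its hash, which is the signature check apt performs before it trusts any per-package hash; this script reproduces the last step of that chain for a file you already hold (for instance one sitting in `/var/cache/apt/archives/`), and a mismatch answers the comment's follow-up question of where your copy came from.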


When I say rebuild I mean install/update or whatever to the fixed version. You join my point when you said you need to check the hash, i.e. a trusted source is required. I am not saying https is not enough, I said that if you had doubts, you should forget everything you have updated recently. This CVE is hard to exploit, normally. But you can't just brush off the scenarios where it is relevant.

Also, yeah, it should be so dramatic.