[Bug 781132] Re: corrupted /var/lib/apt/lists
*** This bug is a duplicate of bug 346386 *** https://bugs.launchpad.net/bugs/346386 ** This bug has been marked a duplicate of bug 346386 [MASTER] Update fails with invalid package files with Encountered a section with no Package: header -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/781132 Title: corrupted /var/lib/apt/lists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/781132/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781132] Re: corrupted /var/lib/apt/lists
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/781132 Title: corrupted /var/lib/apt/lists -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781132] Re: corrupted /var/lib/apt/lists
Thank you for using Ubuntu and reporting a bug. Based on the information you have provided, aptitude is correctly erroring out on the 'malformed' files, and should not be executing any code as a result. It is theoretically possible for a malicious server to improper files, but the signatures would not match. It might be possible to replay valid old files to prevent you from updating, but this is rather convoluted, is an old issue and fixed in Ubuntu (bug #247445). Replay attacks against security mirrors are also discussed here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499897 ** Bug watch added: Debian Bug tracker #499897 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499897 ** Changed in: aptitude (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/781132 Title: corrupted /var/lib/apt/lists -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781132] Re: corrupted /var/lib/apt/lists
OK, so it's perhaps not a security problem, but it sure is a problem! From anyone but an expert's point of view, if that happens, your Ubuntu system appears to be broken. One cannot install new software or get updates. Worrying error messages will appear. Proper system behaviour would be to: (a) detect malformed files before the old files are trashed. (b) do not throw away the old files until the new ones are confirmed, (c) Produce an intelligible error message, something on the order of Your attempt to update Ubuntu failed because the updates are corrupted. Please check your network connection, check the server, and try again. ** Changed in: aptitude (Ubuntu) Status: Invalid = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/781132 Title: corrupted /var/lib/apt/lists -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781132] Re: corrupted /var/lib/apt/lists
** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/781132 Title: corrupted /var/lib/apt/lists -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
