[Bug 674534] [NEW] Update-notifier incorrectly reports security updates (including on login)

David Watson Fri, 12 Nov 2010 06:36:03 -0800

Public bug reported:

Binary package hint: update-notifier


1) Release:

da...@lucid:~$ lsb_release -rd
Description:    Ubuntu 10.04.1 LTS
Release:        10.04

2) Package version:

da...@lucid:~$ apt-cache policy update-notifier
update-notifier:
  Installed: (none)
  Candidate: 0.99.3
  Version table:
     0.99.3 0
        500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages

3) Default /etc/apt/sources.list, run:

sudo apt-get update
sudo apt-get --simulate upgrade

da...@lucid:~$ sudo apt-get --simulate upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be upgraded:
  debootstrap e2fslibs e2fsprogs libc-bin libc-dev-bin libc6 libc6-dev 
libc6-i386 libcomerr2 libfreetype6 libmysqlclient16 libss2 libudev0 libvirt-bin 
libvirt0 libxml2 linux-headers-2.6.32-25 linux-headers-2.6.32-25-server 
linux-image-2.6.32-25-server linux-libc-dev
  man-db mysql-client mysql-client-5.1 mysql-client-core-5.1 mysql-common 
mysql-server mysql-server-5.1 mysql-server-core-5.1 python-libvirt 
python-vm-builder ubuntu-vm-builder udev update-manager-core
33 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Inst libc6-i386 [2.11.1-0ubuntu7.2] (2.11.1-0ubuntu7.5 
Ubuntu:10.04/lucid-updates) []
Inst libc-dev-bin [2.11.1-0ubuntu7.2] (2.11.1-0ubuntu7.5 
Ubuntu:10.04/lucid-updates) [libc6-dev ]
Inst libc6-dev [2.11.1-0ubuntu7.2] (2.11.1-0ubuntu7.5 
Ubuntu:10.04/lucid-updates) []
Inst libc-bin [2.11.1-0ubuntu7.2] (2.11.1-0ubuntu7.5 
Ubuntu:10.04/lucid-updates) [libc6 ]
Conf libc-bin (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates) [libc6 ]
Inst libc6 [2.11.1-0ubuntu7.2] (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates)
Conf libc6 (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates)
Inst linux-libc-dev [2.6.32-25.44] (2.6.32-25.45 Ubuntu:10.04/lucid-updates)
Inst man-db [2.5.7-2] (2.5.7-2ubuntu1 Ubuntu:10.04/lucid-updates)
Inst e2fslibs [1.41.11-1ubuntu2] (1.41.11-1ubuntu2.1 
Ubuntu:10.04/lucid-updates) [e2fsprogs on e2fslibs] [e2fsprogs ]
Conf e2fslibs (1.41.11-1ubuntu2.1 Ubuntu:10.04/lucid-updates) [e2fsprogs ]
Inst e2fsprogs [1.41.11-1ubuntu2] (1.41.11-1ubuntu2.1 
Ubuntu:10.04/lucid-updates)
Conf e2fsprogs (1.41.11-1ubuntu2.1 Ubuntu:10.04/lucid-updates)
Inst linux-image-2.6.32-25-server [2.6.32-25.44] (2.6.32-25.45 
Ubuntu:10.04/lucid-updates)
Inst mysql-common [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst mysql-server [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst mysql-client [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst libmysqlclient16 [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst mysql-client-core-5.1 [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst mysql-client-5.1 [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst mysql-server-core-5.1 [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Conf mysql-common (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Inst mysql-server-5.1 [5.1.41-3ubuntu12.6] (5.1.41-3ubuntu12.7 
Ubuntu:10.04/lucid-updates)
Inst libcomerr2 [1.41.11-1ubuntu2] (1.41.11-1ubuntu2.1 
Ubuntu:10.04/lucid-updates)
Conf libcomerr2 (1.41.11-1ubuntu2.1 Ubuntu:10.04/lucid-updates)
Inst libss2 [1.41.11-1ubuntu2] (1.41.11-1ubuntu2.1 Ubuntu:10.04/lucid-updates)
Conf libss2 (1.41.11-1ubuntu2.1 Ubuntu:10.04/lucid-updates)
Inst libudev0 [151-12.1] (151-12.2 Ubuntu:10.04/lucid-updates)
Inst udev [151-12.1] (151-12.2 Ubuntu:10.04/lucid-updates)
Inst libxml2 [2.7.6.dfsg-1ubuntu1] (2.7.6.dfsg-1ubuntu1.1 
Ubuntu:10.04/lucid-updates)
Inst update-manager-core [1:0.134.10] (1:0.134.11 Ubuntu:10.04/lucid-updates)
Inst libfreetype6 [2.3.11-1ubuntu2.2] (2.3.11-1ubuntu2.4 
Ubuntu:10.04/lucid-updates)
Inst libvirt-bin [0.7.5-5ubuntu27.3] (0.7.5-5ubuntu27.7 
Ubuntu:10.04/lucid-updates) []
Inst libvirt0 [0.7.5-5ubuntu27.3] (0.7.5-5ubuntu27.7 Ubuntu:10.04/lucid-updates)
Inst linux-headers-2.6.32-25 [2.6.32-25.44] (2.6.32-25.45 
Ubuntu:10.04/lucid-updates)
Inst linux-headers-2.6.32-25-server [2.6.32-25.44] (2.6.32-25.45 
Ubuntu:10.04/lucid-updates)
Inst python-libvirt [0.7.5-5ubuntu27.3] (0.7.5-5ubuntu27.7 
Ubuntu:10.04/lucid-updates)
Inst debootstrap [1.0.20ubuntu1] (1.0.20ubuntu1.1 Ubuntu:10.04/lucid-updates)
Inst python-vm-builder [0.12.4-0ubuntu0.1] (0.12.4-0ubuntu0.2 
Ubuntu:10.04/lucid-updates)
Inst ubuntu-vm-builder [0.12.4-0ubuntu0.1] (0.12.4-0ubuntu0.2 
Ubuntu:10.04/lucid-updates)
Conf libc6-i386 (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates)
Conf libc-dev-bin (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates)
Conf linux-libc-dev (2.6.32-25.45 Ubuntu:10.04/lucid-updates)
Conf libc6-dev (2.11.1-0ubuntu7.5 Ubuntu:10.04/lucid-updates)
Conf man-db (2.5.7-2ubuntu1 Ubuntu:10.04/lucid-updates)
Conf linux-image-2.6.32-25-server (2.6.32-25.45 Ubuntu:10.04/lucid-updates)
Conf libmysqlclient16 (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-client-core-5.1 (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-client-5.1 (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-server-core-5.1 (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-server-5.1 (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-server (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf mysql-client (5.1.41-3ubuntu12.7 Ubuntu:10.04/lucid-updates)
Conf libudev0 (151-12.2 Ubuntu:10.04/lucid-updates)
Conf udev (151-12.2 Ubuntu:10.04/lucid-updates)
Conf libxml2 (2.7.6.dfsg-1ubuntu1.1 Ubuntu:10.04/lucid-updates)
Conf update-manager-core (1:0.134.11 Ubuntu:10.04/lucid-updates)
Conf libfreetype6 (2.3.11-1ubuntu2.4 Ubuntu:10.04/lucid-updates)
Conf libvirt0 (0.7.5-5ubuntu27.7 Ubuntu:10.04/lucid-updates)
Conf libvirt-bin (0.7.5-5ubuntu27.7 Ubuntu:10.04/lucid-updates)
Conf linux-headers-2.6.32-25 (2.6.32-25.45 Ubuntu:10.04/lucid-updates)
Conf linux-headers-2.6.32-25-server (2.6.32-25.45 Ubuntu:10.04/lucid-updates)
Conf python-libvirt (0.7.5-5ubuntu27.7 Ubuntu:10.04/lucid-updates)
Conf debootstrap (1.0.20ubuntu1.1 Ubuntu:10.04/lucid-updates)
Conf python-vm-builder (0.12.4-0ubuntu0.2 Ubuntu:10.04/lucid-updates)
Conf ubuntu-vm-builder (0.12.4-0ubuntu0.2 Ubuntu:10.04/lucid-updates)

Check whether pending updates come from lucid-updates or lucid-security
repo:

da...@lucid:~$ sudo apt-get --simulate upgrade | grep ^Inst | grep 
lucid-updates | wc -l
33

da...@lucid:~$ sudo apt-get --simulate upgrade | grep ^Inst | grep 
lucid-security | wc -l
0

Since no security patches are currently pending from the lucid-security
repo, I'd expect update-notifier to report zero pending security patches
on login.

4) However, run update-notifier and compare the output:

da...@lucid:~$ /usr/lib/update-notifier/apt-check --human-readable
33 packages can be updated.
24 updates are security updates.

Update-notifier appears to be using a different definition for what
compromises a security patch to the Ubuntu repo definition. According to
https://help.ubuntu.com/community/Repositories/Ubuntu:

"Important Security Updates (lucid-security)". Patches for security
vulnerabilities in Ubuntu packages. They are managed by the Ubuntu
Security Team and are designed to change the behavior of the package as
little as possible -- in fact, the minimum required to resolve the
security problem. As a result, they tend to be very low-risk to apply
and all users are urged to apply security updates.

"Recommended Updates (lucid-updates)". Updates for serious bugs in
Ubuntu packaging that do not affect the security of the system.

You can also compare this behaviour with the Nagios check_apt check too:

da...@lucid:~$ /usr/lib/nagios/plugins/check_apt
APT WARNING: 33 packages available for upgrade (0 critical updates).

Which matches my understanding of what is expected.

Issue is also reproducible on Karmic:

da...@karmic:~$ sudo apt-get --simulate upgrade | grep Inst | grep 
karmic-updates | wc -l
23
da...@karmic:~$ sudo apt-get --simulate upgrade | grep Inst | grep 
karmic-security | wc -l
0
da...@karmic:~$  /usr/lib/update-notifier/apt-check --human-readable
25 packages can be updated.
23 updates are security updates.

** Affects: update-notifier (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Update-notifier incorrectly reports security updates (including on login)
https://bugs.launchpad.net/bugs/674534
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 674534] [NEW] Update-notifier incorrectly reports security updates (including on login)

Reply via email to