[Bug 800438] Re: [ ERR] Reading package lists ... no Package: header
Launchpad Bug Tracker
800438 at bugs.launchpad.net
Wed Jan 18 22:46:39 UTC 2012
*** This bug is a duplicate of bug 346386 ***
https://bugs.launchpad.net/bugs/346386
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: aptitude (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/800438
Title:
[ ERR] Reading package lists ... no Package: header
Status in “aptitude” package in Ubuntu:
Confirmed
Bug description:
Internet cafes that require web log-in typically perform IP spoofing
to get your browser to visit their logon page before enabling access
to the world. However if you forget to launch your browser before
launching aptitude (or it runs an update in the background), and then
subsequently launch the browser and successfully log-on, the running
aptitude process can be fooled into inserting incorrect URLs into its
"list" files aquired during update. Best case, ubuntu users of
internet cafes with this type of insecure logon are likely to
eventually end up with corrupted lists files that make aptitude
unrunnable. Worst case, some ubuntu users may be vulnerable to IP
spoofing by anyone within range of the internet cafe. I did at some
point accept a security certificate for canonical that was obviously
coming from/through my internet cafe to avoid error messages during to
sporadic wifi connections. And this may be the ultimate cause. If so,
the security vulnerability is not Ubuntu but the user. However, this
is such a common scenario, that it should be possible for Ubuntu to
detect when local IP spoofing is occurring on the wifi connection so
that it can inform the user to launch their browser and log on, rather
than accepting the bogus IP addresses and URLs it receives from the
internet cafe. Here's a console activity log:
# The command that causes the error message
hobs at hobs-laptop:~$ sudo aptitude clean
[ ERR] Reading package lists
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.
[ ERR] Reading package lists
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.
# Notice the local domain IP addresses used in a URL -- typical of the spoofing done by Internet cafe's with web log-in pages
hobs at hobs-laptop:/var/lib/apt/lists$ more /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="Microsoft FrontPage 5.0" name=GENERATOR>
<META HTTP-EQUIV="refresh" content="0;URL=/cgi-bin/main2.cgi?ip=10.10.16.245&mac=00:e0:4c:25:91:4d&url=http://archive.canonical.com/ubuntu/dists/natty/pa
rtner/binary-i386/Packages.gz" target=_top>
</HEAD>
</BODY>
</HTML>
# List all corrupted files:
hobs at hobs-laptop:~$ cd /var/lib/apt
hobs at hobs-laptop:/var/lib/apt$ alias grep='grep --color=auto --extended-regexp'
hobs at hobs-laptop:/var/lib/apt$ grep -R -l -e '10[.]10' -e '&mac=' *
keyrings/ubuntu-archive-keyring.gpg
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Translation-en
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_universe_binary-i386_Packages
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Index
grep: lists/lock: Permission denied
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Translation-en%5fUS
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_main_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en%5fUS
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_universe_binary-i386_Packages
lists/archive.canonical.com_ubuntu_dists_natty_partner_source_Sources
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_binary-i386_Packages
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Translation-en%5fUS
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Index
lists/archive.canonical.com_ubuntu_dists_natty_partner_i18n_Translation-en%5fUS
lists/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Translation-en
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Index
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Translation-en%5fUS
lists/partial/archive.canonical.com_ubuntu_dists_natty_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Translation-en%5fUS
lists/archive.canonical.com_ubuntu_dists_natty_partner_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Index
# Draconian cleanup solution:
hobs at hobs-laptop:/var/lib/apt/lists$ cd partial
hobs at hobs-laptop:/var/lib/apt/lists/partial$ sudo rm *
hobs at hobs-laptop:/var/lib/apt/lists/partial$ cd ..
hobs at hobs-laptop:/var/lib/apt/lists$ cd ..
hobs at hobs-laptop:/var/lib/apt$
hobs at hobs-laptop:/var/lib/apt$ sudo rm keyrings/ubuntu-archive-keyring.gpg
hobs at hobs-laptop:/var/lib/apt$ sudo aptitude clean
hobs at hobs-laptop:/var/lib/apt$ sudo aptitude update
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptitude/+bug/800438/+subscriptions
More information about the foundations-bugs
mailing list