[Bug 1224999] [NEW] apt-check fails to see security updates in some circumstances

Michael Vogt michaelvogt at imap.cc
Thu Sep 19 12:20:17 UTC 2013 

On Fri, Sep 13, 2013 at 02:25:11PM -0000, ski wrote:
> *** This bug is a security vulnerability ***
> 
> Public security bug reported:
> 
> Running 12.04LTS with an old kernel package, apt-check fails to tell me
> that I am running a vulnerable kernel:
> 
> ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/lib/update-notifier/apt-check --human-readable ; echo
> ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
> Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
> 3 packages can be updated.
> 0 updates are security updates.
[..]

Thanks for your bugreport. It appears you don't have a
linux-image-generic package installed, this is the package that always
depends on the latest kernel. Could you please install it and see if
apt_check.py reports correct updates in this case ? (it will probably
pull in the latest linux-image update in this case though).

Cheers,
 Michael

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1224999

Title:
  apt-check fails to see security updates in some circumstances

Status in “update-notifier” package in Ubuntu:
  Incomplete

Bug description:
  Running 12.04LTS with an old kernel package, apt-check fails to tell
  me that I am running a vulnerable kernel:

  ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/lib/update-notifier/apt-check --human-readable ; echo
  ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
  Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
  3 packages can be updated.
  0 updates are security updates.

  ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/libnotifier/apt-check -p ; echo
  ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
  Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
  libx11-data
  tzdata
  libx11-6

  here is one such security bug affecting 3.2.0-23, i'd bet there are others:
    http://www.ubuntu.com/usn/usn-1929-1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1224999/+subscriptions

More information about the foundations-bugs mailing list