[Bug 1501177] Re: Updating kernel with update-manager without password
Launchpad Bug Tracker
1501177 at bugs.launchpad.net
Thu Oct 8 16:53:12 UTC 2015
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: update-manager (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1501177
Title:
Updating kernel with update-manager without password
Status in update-manager package in Ubuntu:
Confirmed
Bug description:
When using Software Updater (which I believe is software-manager) and
*updating the kernel*, a password is usually requested. However, there
is a way to avoid it. This may be a security vulnerability.

If kernel packages are due for an update and all the updates are
performed at the same time, a password is requested. On the other hand,
if updates are performed in a specific order, a password is not
requested.

How to reproduce it:
1. Update everything, except for the kernel-related updates (please
look at http://ibin.co/2HOn2ZCX580d ).
2. Next, deselect everything and update "Complete Generic Linux kernel
and headers".

Then, the only update left is "Linux Kernel Headers for development",
which can be performed without a password as well.

I have seen this behaviour on two machines, for a long time now.

Using Ubuntu 14.04.3
update-manager:
  Installed: 1:0.196.13
  Candidate: 1:0.196.13
  Version table:
 *** 1:0.196.13 0
        500 http://ar.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:0.196.11 0
        500 http://ar.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages