[Bug 1406268] Re: apt does not validate lists received from the network.
Julian Andres Klode
julian.klode at gmail.com
Tue Jul 18 15:14:25 UTC 2017
Marking this as released. It seems we fixed most instances of these bugs
in apt 1.1 and later (xenial and newer), with its massive changes to the
acquire system.
** Changed in: apt (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1406268
Title:
apt does not validate lists received from the network.
Status in apt package in Ubuntu:
Fix Released
Bug description:
When loading update manager on my laptop, I noticed that it silently
stopped and would not load or check for updates.
Upon investigation I discovered the following error:-
#apt-get update
.
.
.
Reading package lists... Error!
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/extras.ubuntu.com_ubuntu_dists_trusty_main_i18n_Translation-en
E: The package lists or status file could not be parsed or opened.
#
The cause of this was that, some time ago it had tried to update while on a network which had some filtering, and the content of a number of files inside the folder "/var/lib/apt/lists" contained a "pay wall" HTML screen. I was however, no-longer connected to the network in question and the error persisted indefinitely until I manually removed the files which had the suspect content.
eg. sudo rm /var/lib/apt/lists/extras.ubuntu.com*
I see this as a significant security issue, since any user could
connect to a public wifi point, and accidentally collect corrupted apt
list data, either before signing on to a pay wall, or if they do not
sign on, and after this _NO FURTHER UPDATES_ will be performed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1406268/+subscriptions
More information about the foundations-bugs
mailing list