[Bug 1705541] [NEW] No password needed for installing updates

Samuel Walker 1705541 at bugs.launchpad.net
Thu Jul 20 17:09:29 UTC 2017 

*** This bug is a security vulnerability ***

Public security bug reported:

When installing updates through update-manager it does not ask for password even though it should.
Updates do install correctly however it is a security issue that it does not prompt for password.
When installing updates via the terminal it still prompts for password with apt as it should.

uname -a
Linux xxxxxx-HP-ENVY-Notebook 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -rd
Description:	Ubuntu 16.04.2 LTS
Release:	16.04

apt-cache policy update-manager
update-manager:
  Installed: 1:16.04.6
  Candidate: 1:16.04.6
  Version table:
 *** 1:16.04.6 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        100 /var/lib/dpkg/status
     1:16.04.3 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main i386 Packages

** Affects: update-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1705541

Title:
  No password needed for installing updates

Status in update-manager package in Ubuntu:
  New

Bug description:
  When installing updates through update-manager it does not ask for password even though it should.
  Updates do install correctly however it is a security issue that it does not prompt for password.
  When installing updates via the terminal it still prompts for password with apt as it should.

  uname -a
  Linux xxxxxx-HP-ENVY-Notebook 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  lsb_release -rd
  Description:	Ubuntu 16.04.2 LTS
  Release:	16.04

  apt-cache policy update-manager
  update-manager:
    Installed: 1:16.04.6
    Candidate: 1:16.04.6
    Version table:
   *** 1:16.04.6 500
          500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
          100 /var/lib/dpkg/status
       1:16.04.3 500
          500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          500 http://ca.archive.ubuntu.com/ubuntu xenial/main i386 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1705541/+subscriptions

More information about the foundations-bugs mailing list