[Bug 1714602] [NEW] ieee-data cron fails every month because it DDoSes an upstream website

Lukas Erlacher erlacher at in.tum.de
Fri Sep 1 22:23:12 UTC 2017 

Public bug reported:

This is a known and fixed upstream bug: https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=826104

The package tries to update its data every month from an apparently not
so strong host, causing a classic thundering horde DDoS.

Debian fixed this by deciding the cronjob wasn't such a good idea after
all and simply removing it.

The fixed version of the package is in zesty and above, while xenial
still has a bad version.

_Release Information:_

$ lsb_release -rd
Description:	Ubuntu 16.04.3 LTS
Release:	16.04

_Package Information:_

$ apt-cache policy ieee-data
ieee-data:
  Installed: 20150531.1
  Candidate: 20150531.1
  Version table:
 *** 20150531.1 500
        500 http://ubuntumirror.informatik.tu-muenchen.de/ubuntu xenial/main amd64 Packages
        500 http://ubuntumirror.informatik.tu-muenchen.de/ubuntu xenial/main i386 Packages
        100 /var/lib/dpkg/status

_What you expected to happen:_

Nothing

_What happened instead:_

I got this e-mail from cron:

Subject: Cron <root at host> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
Date: Fri,  1 Sep 2017 06:55:47 +0200 (CEST)
From: Cron Daemon <root at host>
To: root at host

run-parts: /etc/cron.monthly/ieee-data exited with return code 1

** Affects: ieee-data (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ieee-data in Ubuntu.
https://bugs.launchpad.net/bugs/1714602

Title:
  ieee-data cron fails every month because it DDoSes an upstream website

Status in ieee-data package in Ubuntu:
  New

Bug description:
  This is a known and fixed upstream bug: https://bugs.debian.org/cgi-
  bin/bugreport.cgi?bug=826104

  The package tries to update its data every month from an apparently
  not so strong host, causing a classic thundering horde DDoS.

  Debian fixed this by deciding the cronjob wasn't such a good idea
  after all and simply removing it.

  The fixed version of the package is in zesty and above, while xenial
  still has a bad version.

  _Release Information:_

  $ lsb_release -rd
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04

  _Package Information:_

  $ apt-cache policy ieee-data
  ieee-data:
    Installed: 20150531.1
    Candidate: 20150531.1
    Version table:
   *** 20150531.1 500
          500 http://ubuntumirror.informatik.tu-muenchen.de/ubuntu xenial/main amd64 Packages
          500 http://ubuntumirror.informatik.tu-muenchen.de/ubuntu xenial/main i386 Packages
          100 /var/lib/dpkg/status

  _What you expected to happen:_

  Nothing

  _What happened instead:_

  I got this e-mail from cron:

  Subject: Cron <root at host> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
  Date: Fri,  1 Sep 2017 06:55:47 +0200 (CEST)
  From: Cron Daemon <root at host>
  To: root at host

  run-parts: /etc/cron.monthly/ieee-data exited with return code 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ieee-data/+bug/1714602/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list