[Bug 516500] Re: apt-cacher sometimes dissallows to download given packages untill cache is fixed. Failed to fetch

LimCore user.ubuntu at limcore.com
Tue Feb 9 09:13:46 UTC 2010 

Bug disables updates of Ubuntu for the clients.

I hope this will be seen as a security risk also by security team.

** Description changed:

  Binary package hint: apt-cacher
+ 
+ SECURITY:
+ apt-cacher stops downloading  given packages (or perhaps even indexes), and as a result any auto updates running other computers using this cache will stop working, probably silently, staying at old versions of software.
+ System's are not updating themselves, which can be a security problem.
+ 
  apt-cacher on server is up-to-date (2010.02.03) Ubuntu 9.10 amd64: 1.6.8ubuntu1
  aptitude on client is up-to-date (2010.02.03) Ubuntu 9.10 amd64
  
- Apt-cacher refused to allow a client to download "kgpg" package.
- 
- Each time (also after apt-cacher restart) the client was getting error:
+ Each time (also after apt-cacher restart) the client was getting error
+ of  Connection failed when updating some packages.
  
  # aptitude install konsole   korganizer  kgpg    -y
  [...]
  The following NEW packages will be installed:
    kgpg
  0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 925kB of archives. After unpacking 2,085kB will be used.
  Writing extended state information... Done
  Err http://pl.archive.ubuntu.com karmic/main kgpg 4:4.3.2-0ubuntu1
    Connection failed
  E: Failed to fetch http://pl.archive.ubuntu.com/ubuntu/pool/main/k/kdeutils/kgpg_4.3.2-0ubuntu1_amd64.deb: Connection failed
- Reading package lists... Done
  
  Then on the server I removed the kgpg cached files, and since then all
  works - kgpg can be again downloaded.
  
  find /var/cache/apt-cacher/ | grep kgpg
  /var/cache/apt-cacher/private/kgpg_4.3.2-0ubuntu1_amd64.deb.complete
  /var/cache/apt-cacher/packages/kgpg_4.3.2-0ubuntu1_amd64.deb
  /var/cache/apt-cacher/headers/kgpg_4.3.2-0ubuntu1_amd64.deb
  
  root at jumpi(2010-02-03 12:26:15)~$ sha1sum `find /var/cache/apt-cacher/ | grep kgpg`
  da39a3ee5e6b4b0d3255bfef95601890afd80709  /var/cache/apt-cacher/private/kgpg_4.3.2-0ubuntu1_amd64.deb.complete
  accbd5a2689122f7fdbdff7d33f885147a2362c4  /var/cache/apt-cacher/packages/kgpg_4.3.2-0ubuntu1_amd64.deb
  c25cd10f3168e94d30b4757a3d86f6cd2193195e  /var/cache/apt-cacher/headers/kgpg_4.3.2-0ubuntu1_amd64.deb
  
  root at jumpi(2010-02-03 12:26:20)~$ rm `find /var/cache/apt-cacher/ | grep
  kgpg`

** Summary changed:

- apt-cacher sometimes dissallows to download given packages untill cache is fixed. Failed to fetch
+ apt-cacher stops updates of random packages (Connection failed)

** This bug has been flagged as a security vulnerability

-- 
apt-cacher stops updates of random packages (Connection failed)
https://bugs.launchpad.net/bugs/516500
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list