** Information type changed from Private Security to Public
** Changed in: apt (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1406268
Title:
apt does not validate lists received from the network.
Status in apt package in Ubuntu:
Confirmed
Bug description:
When loading update manager on my laptop, I noticed that it silently
stopped and would not load or check for updates.
Upon investigation I discovered the following error:-
#apt-get update
.
.
.
Reading package lists... Error!
E: Encountered a section with no Package: header
E: Problem with MergeList
/var/lib/apt/lists/extras.ubuntu.com_ubuntu_dists_trusty_main_i18n_Translation-en
E: The package lists or status file could not be parsed or opened.
#
The cause of this was that, some time ago it had tried to update while on a
network which had some filtering, and the content of a number of files inside
the folder "/var/lib/apt/lists" contained a "pay wall" HTML screen. I was
however, no-longer connected to the network in question and the error persisted
indefinitely until I manually removed the files which had the suspect content.
eg. sudo rm /var/lib/apt/lists/extras.ubuntu.com*
I see this as a significant security issue, since any user could
connect to a public wifi point, and accidentally collect corrupted apt
list data, either before signing on to a pay wall, or if they do not
sign on, and after this _NO FURTHER UPDATES_ will be performed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1406268/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
