update manager tries to download stale files?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-manager (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
Binary package hint: update-manager
An ubuntu-9.04 system that had been turned off for a couple weeks
was turned on today, and Update Manager asked to update a
bunch of packages. It encountered the following error:
W: Failed to fetch
http://
404 Not Found [IP: 74.125.19.136 80]
Presumably this system had done an apt-get update, but been
shut down before actually installing the available updates, and
when the system came back up, the update manager tried to get that package,
but failed because that package is now obsolete, having been replaced with
a newer one several weeks ago.
This seems like it wouldn't happen with packages provided directly by
Ubuntu, since old packages are rarely removed from their repo;
it's specific to third party repositories which are rapidly updated
and where obsolete packages are routinely removed from the repo.
It might also happen with Ubuntu alpha releases; I think they
remove buggy packages from the repo if they cause problems.
It seems that update-manager should do an apt-get update to
get a fresh list of packages before trying to do the install.
Running outdated packages can widen the window of vulnerability,
so this is a security problem.
visibility: | private → public |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.