[ ERR] Reading package lists ... no Package: header

Bug #800438 reported by Hobson Lane
This bug affects 2 people
Affects: aptitude (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Internet cafes that require web log-in typically perform IP spoofing to get your browser to visit their logon page before enabling access to the world. However, if you forget to launch your browser before launching aptitude (or it runs an update in the background), and then subsequently launch the browser and successfully log on, the running aptitude process can be fooled into inserting incorrect URLs into its "list" files acquired during update.

Best case, Ubuntu users of internet cafes with this type of insecure logon are likely to eventually end up with corrupted lists files that make aptitude unrunnable. Worst case, some Ubuntu users may be vulnerable to IP spoofing by anyone within range of the internet cafe.

I did at some point accept a security certificate for Canonical that was obviously coming from/through my internet cafe to avoid error messages due to sporadic wifi connections. And this may be the ultimate cause. If so, the security vulnerability is not Ubuntu but the user. However, this is such a common scenario that it should be possible for Ubuntu to detect when local IP spoofing is occurring on the wifi connection so that it can inform the user to launch their browser and log on, rather than accepting the bogus IP addresses and URLs it receives from the internet cafe.

Here's a console activity log:

# The command that causes the error message
hobs@hobs-laptop:~$ sudo aptitude clean

 [ ERR] Reading package lists
 E: Encountered a section with no Package: header
 E: Problem with MergeList /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages
 E: The package lists or status file could not be parsed or opened.
 [ ERR] Reading package lists
 E: Encountered a section with no Package: header
 E: Problem with MergeList /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages
 E: The package lists or status file could not be parsed or opened.

# Notice the local domain IP addresses used in a URL -- typical of the spoofing done by Internet cafes with web log-in pages
hobs@hobs-laptop:/var/lib/apt/lists$ more /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_natty_partner_binary-i386_Packages

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
   <META http-equiv=Content-Type content="text/html; charset=windows-1252">
   <META content="Microsoft FrontPage 5.0" name=GENERATOR>
   <META HTTP-EQUIV="refresh" content="0;URL=/cgi-bin/main2.cgi?ip=10.10.16.245&mac=00:e0:4c:25:91:4d&url=http://archive.canonical.com/ubuntu/dists/natty/pa
 rtner/binary-i386/Packages.gz" target=_top>
   </HEAD>
   </BODY>
   </HTML>

# List all corrupted files:
hobs@hobs-laptop:~$ cd /var/lib/apt
hobs@hobs-laptop:/var/lib/apt$ alias grep='grep --color=auto --extended-regexp'
hobs@hobs-laptop:/var/lib/apt$ grep -R -l -e '10[.]10' -e '&mac=' *
keyrings/ubuntu-archive-keyring.gpg
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Translation-en
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_universe_binary-i386_Packages
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Index
grep: lists/lock: Permission denied
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Translation-en%5fUS
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_main_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_universe_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en%5fUS
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_universe_binary-i386_Packages
lists/archive.canonical.com_ubuntu_dists_natty_partner_source_Sources
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_main_binary-i386_Packages
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_restricted_i18n_Translation-en%5fUS
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Index
lists/archive.canonical.com_ubuntu_dists_natty_partner_i18n_Translation-en%5fUS
lists/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_i18n_Translation-en
lists/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Index
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Translation-en
lists/partial/security.ubuntu.com_ubuntu_dists_natty-security_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_universe_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_main_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_main_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_multiverse_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-updates_restricted_i18n_Translation-en
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-backports_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_restricted_i18n_Translation-en%5fUS
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_restricted_i18n_Translation-en%5fUS
lists/partial/archive.canonical.com_ubuntu_dists_natty_InRelease
lists/partial/mirror.anl.gov_pub_ubuntu_dists_natty_main_i18n_Translation-en%5fUS
lists/archive.canonical.com_ubuntu_dists_natty_partner_i18n_Index
lists/security.ubuntu.com_ubuntu_dists_natty-security_multiverse_binary-i386_Packages
lists/mirror.anl.gov_pub_ubuntu_dists_natty-proposed_multiverse_i18n_Index
lists/mirror.anl.gov_pub_ubuntu_dists_natty-backports_multiverse_i18n_Index

# Draconian cleanup solution:
hobs@hobs-laptop:/var/lib/apt/lists$ cd partial
hobs@hobs-laptop:/var/lib/apt/lists/partial$ sudo rm *
hobs@hobs-laptop:/var/lib/apt/lists/partial$ cd ..
hobs@hobs-laptop:/var/lib/apt/lists$ cd ..
hobs@hobs-laptop:/var/lib/apt$
hobs@hobs-laptop:/var/lib/apt$ sudo rm keyrings/ubuntu-archive-keyring.gpg
hobs@hobs-laptop:/var/lib/apt$ sudo aptitude clean
hobs@hobs-laptop:/var/lib/apt$ sudo aptitude update

security vulnerability: yes → no
visibility: private → public
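
A read-only check for the corruption shown in the report, as an added example that is not part of the original bug report: it flags index files under the apt lists directory that begin with HTML markup rather than repository data, so it does not depend on the portal's address range. The function names, the `repo.example` file names and the sample tree are constructed for illustration, and the HTML test is a heuristic.

```shell
# Added example (not from the bug report): list apt index files whose content
# is an HTML page, e.g. a captive-portal redirect, instead of repository data.
# Read-only: nothing is deleted.

# looks_like_html FILE: succeed if the first 1 KiB contains HTML markup.
looks_like_html() {
    head -c 1024 "$1" 2>/dev/null | tr -d '\000' |
        LC_ALL=C grep -qiE '<!DOCTYPE[[:space:]]+html|<html|<head|<meta[[:space:]]'
}

# scan_apt_lists [DIR]: print each polluted file; return 1 if any was found.
scan_apt_lists() {
    _dir="${1:-/var/lib/apt/lists}"
    _found=0
    for _f in "$_dir"/* "$_dir"/partial/*; do
        [ -f "$_f" ] && [ -r "$_f" ] || continue   # skips dirs, unmatched globs
        [ "${_f##*/}" = lock ] && continue         # apt's lock file holds no data
        if looks_like_html "$_f"; then
            printf '%s\n' "$_f"
            _found=1
        fi
    done
    return "$_found"
}

# make_sample_lists: build a constructed lists/ tree in a temp dir, print its path.
make_sample_lists() {
    _tmp=$(mktemp -d) || return 1
    mkdir "$_tmp/partial"
    # Constructed portal page, modelled on the shape shown in the report.
    printf '%s\n' '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">' \
        '<META HTTP-EQUIV="refresh" content="0;URL=/portal-login.example">' \
        > "$_tmp/repo.example_dists_demo_main_binary-i386_Packages"
    cp "$_tmp/repo.example_dists_demo_main_binary-i386_Packages" \
        "$_tmp/partial/repo.example_dists_demo_InRelease"
    # Constructed healthy index: a normal Packages stanza.
    printf 'Package: demo\nVersion: 1.0\nDescription: contains 10.10 in text\n' \
        > "$_tmp/repo.example_dists_demo_universe_binary-i386_Packages"
    : > "$_tmp/lock"
    printf '%s\n' "$_tmp"
}
```

Run `scan_apt_lists` with no argument to check `/var/lib/apt/lists`; a non-zero return with file names printed means those indexes should be re-fetched after logging in to the portal.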
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in aptitude (Ubuntu):
status: New → Confirmed
bindian0509 (bindian0509) wrote :

Just two steps and you get rid of it ....

bharat@HP-ProBook-4330s:~$ sudo rm /var/lib/apt/lists/* -vfr

bharat@HP-ProBook-4330s:~$ sudo apt-get update

Thanks
