apt does not validate lists received from the network.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apt (Ubuntu) | Fix Released | High | Unassigned | |
Bug Description
When loading update manager on my laptop, I noticed that it silently stopped and would not load or check for updates.
Upon investigation I discovered the following error:-
#apt-get update
.
.
.
Reading package lists... Error!
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/
E: The package lists or status file could not be parsed or opened.
#
The cause of this was that, some time ago it had tried to update while on a network which had some filtering, and the content of a number of files inside the folder "/var/lib/
eg. sudo rm /var/lib/
I see this as a significant security issue, since any user could connect to a public wifi point, and accidentally collect corrupted apt list data, either before signing on to a pay wall, or if they do not sign on, and after this _NO FURTHER UPDATES_ will be performed.
information type: Private Security → Public
Changed in apt (Ubuntu):
status: New → Confirmed
tags: added: utopic
information type: Public → Public Security
Changed in apt (Ubuntu):
importance: Undecided → High
I should have added that this is on 14.10, but I seem to remember this happening before in a much earlier release as well.
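
A check for the failure described in this report, as an added example (not apt's code and not from the reporter): it parses each downloaded index as control-file stanzas and flags files that look like HTML or contain a stanza with no `Package:` field. The lists directory is supplied by the caller, restricting the scan to file names ending in `_Packages` is an assumption, and the sample data is constructed.

```python
import re
import sys
from pathlib import Path

# deb822 field line "Name: value"; continuation lines start with space or tab.
FIELD = re.compile(r"^([!-9;-~]+):")
HTML_HINT = re.compile(rb"<\s*(!doctype|html|head|body|meta|script)\b", re.I)

# Constructed samples: a valid two-stanza index and a captive-portal page.
GOOD = b"Package: foo\nVersion: 1.0\nDescription: demo\n more text\n\nPackage: bar\nVersion: 2\n"
PORTAL = b"<html><head><title>Sign in</title></head>\n<body>Please log in</body></html>\n"

def check_index(data: bytes) -> list:
    """Return the problems found in one Packages-style index (empty list = clean)."""
    problems = []
    if HTML_HINT.search(data[:4096]):
        problems.append("looks like HTML, not a package index")
    text = data.decode("utf-8", errors="replace").strip()
    for number, stanza in enumerate(re.split(r"\n\s*\n", text), start=1):
        fields = set()
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and fields:
                continue  # continuation of the previous field
            match = FIELD.match(line)
            if not match:
                problems.append(f"stanza {number}: not a field line: {line[:40]!r}")
                break
            fields.add(match.group(1).lower())
        else:
            if stanza and "package" not in fields:
                problems.append(f"stanza {number}: no Package: header")
    return problems

def scan_lists(directory) -> dict:
    """Check every *_Packages file in a lists directory; map file name -> problems."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        # Assumption: uncompressed package indexes have names ending in _Packages.
        if path.is_file() and path.name.endswith("_Packages"):
            problems = check_index(path.read_bytes())
            if problems:
                report[path.name] = problems
    return report

if __name__ == "__main__":
    found = scan_lists(sys.argv[1])  # the apt lists directory, given by the caller
    for name, problems in found.items():
        print(name, *problems, sep="\n  ")
    sys.exit(1 if found else 0)
```

Run it with the lists directory as the only argument; a non-zero exit status means at least one index would not parse as package stanzas.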