package lists become corrupted behind restricted connection
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: synaptic
When running synaptic (or any other package manager) through am internet connection which in some cases will always display one webpage, the package lists in /var/lib/apt/lists become corrupted. In my case on a public wireless connection that displays an explanation page after using 0.5Gb of traffic to your machine. When updating the lists, the package manager downloads this webpage instead of the package list itself. This produces an error message followed by a forced close in synaptic, an error message in apt-get and ubuntu software centre just never finds any search results.
Once you are once again properly connected to the internet (for example through another connection), the package managers never get far enough to redownload the lists. The error message is always displayed first.
The problem can be easily solved by deleting all the files in /var/lib/apt/lists, which forces a re-download, but could be effectively prevented with a small clause to check the package lists, look like package lists, and don't start with "<!DOCTYPE html PUBLIC....".
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: synaptic 0.75.1ubuntu2
ProcVersionSign
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Wed May 4 16:58:53 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
ProcEnviron:
LANGUAGE=en_GB:en
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: synaptic
UpgradeStatus: No upgrade log present (probably fresh install)
affects: | synaptic (Ubuntu) → apt (Ubuntu) |
summary: |
- synaptic corrupts package lists behind restricted connection + package lists become corrupted behind restricted connection |
This seems like a security hole - couldn't a malicious provider inject bad packages through manipulation of the returned package list?