Ubuntu
linux package

4.4.0.151.159 is in xenial-updates not xenial-security

Bug #1833382 reported by vdloo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hi,

The SACK Panic kernel update was uploaded into xenial-updates instead of xenial-security:

https://packages.ubuntu.com/xenial-updates/linux-image-generic

normally I would expect this to be in the xenial-security component, especially because this is a security update. People who only track xenial-security and not xenial-updates will now not get the security update.

see https://launchpad.net/ubuntu/+source/linux/4.4.0-151.178 and the previous https://launchpad.net/ubuntu/+source/linux/4.4.0-150.176, one is Pocket: updates, the older one is Pocket: security.

# grep sec /etc/apt/sources.list
deb http://security.ubuntu.com/ubuntu xenial-security xenial-updates main restricted universe multiverse
# apt-cache policy linux-image-4.4.0-150-generic
linux-image-4.4.0-150-generic:
  Installed: 4.4.0-150.176
  Candidate: 4.4.0-150.176
  Version table:
 *** 4.4.0-150.176 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
# apt-cache search linux-image | grep "generic" | grep "\-15"
linux-image-4.15.0-15-generic - Linux kernel image for version 4.15.0 on 64 bit x86 SMP
linux-image-4.4.0-150-generic - Signed kernel image generic
linux-image-extra-4.15.0-15-generic - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP
linux-image-unsigned-4.4.0-150-generic - Linux kernel image for version 4.4.0 on 64 bit x86 SMP

https://packages.ubuntu.com/xenial-updates/linux-image-generic
https://packages.ubuntu.com/xenial/linux-image-generic

Tags: xenial
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1833382

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bionic
Revision history for this message
vdloo (rickvandeloo) wrote :

This bot comment has me thinking this might not be the right place to report this but I wouldn't know where to otherwise report this. Will change the bug status to confirmed.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: xenial
removed: bionic
Revision history for this message
Terry Rudd (terrykrudd) wrote :

The operation to get mitigated kernels into -security pockets should be complete now

Revision history for this message
vdloo (rickvandeloo) wrote :

Yes, I've noticed. Thanks!

# apt-cache policy linux-generic
linux-generic:
  Installed: (none)
  Candidate: 4.4.0.151.159
  Version table:
     4.4.0.151.159 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.