Ubuntu
unattended-upgrades package

unattended-upgrade fails to apply security updates if the update is also in another suite suffix component, such as yakkety-updates

Bug #1638561 reported by xtsbdu3reyrbrmroezob on 2016-11-02

This bug report is a duplicate of: Bug #1624641: security updates with a new dependency don't get installed. Edit Remove

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	unattended-upgrades (Ubuntu)	New	Undecided	Unassigned

Bug Description

As you can see below, the packages have security updates which are not being applied, presumably because the security updates are not only in yakkety-security, but also in yakkety-updates. This is a bug and leaves systems vulnerable that are expecting unattended-upgrades to apply the patches (it fails to do so).

"""
# apt list --upgradable 2>/dev/null | grep yakkety-security
liboxideqt-qmlplugin/yakkety-updates,yakkety-security 1.18.3-0ubuntu0.16.10.1 amd64 [upgradable from: 1.17.9-0ubuntu1]
liboxideqtcore0/yakkety-updates,yakkety-security 1.18.3-0ubuntu0.16.10.1 amd64 [upgradable from: 1.17.9-0ubuntu1]
liboxideqtquick0/yakkety-updates,yakkety-security 1.18.3-0ubuntu0.16.10.1 amd64 [upgradable from: 1.17.9-0ubuntu1]
oxideqt-codecs/yakkety-updates,yakkety-security 1.18.3-0ubuntu0.16.10.1 amd64 [upgradable from: 1.17.9-0ubuntu1]
# unattended-upgrade --dry-run -v
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=yakkety-security']
Option --dry-run given, *not* performing real actions
Packages that will be upgraded:
<no output>
"""

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2016-11-02:

One package as an example:

"""
# apt-cache policy liboxideqtcore0
liboxideqtcore0:
  Installed: 1.17.9-0ubuntu1
  Candidate: 1.18.3-0ubuntu0.16.10.1
  Version table:
     1.18.3-0ubuntu0.16.10.1 500
        500 ... yakkety-updates/main amd64 Packages
        500 ... yakkety-security/main amd64 Packages
*** 1.17.9-0ubuntu1 500
        500 ... yakkety/main amd64 Packages
        100 /var/lib/dpkg/status
"""

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2016-11-02:

Notice the packages being in both the yakkety-updates archive and the yakkety-security archive is an example of this bug.

Seth Arnold (seth-arnold) on 2016-11-02

information type:

Private Security → Public Security

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2016-11-03:

This is a regression. I tested latest updates and still having issues, albeit slightly different. Not sure if exactly the same bug and not sure if this is really a duplicate, as currently linked. But it should be checked out.

bug #1624641

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2016-11-03:

Still present, or new issue due to the changes?

"""
$ apt-cache policy unattended-upgrades
unattended-upgrades:
Installed: 0.92ubuntu1
"""