unattended-upgrade fails to apply security updates if the update is also in another suite suffix component, such as yakkety-updates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unattended-upgrades (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
As you can see below, the packages have security updates which are not being applied, presumably because the security updates are not only in yakkety-security, but also in yakkety-updates. This is a bug and leaves systems vulnerable that are expecting unattended-upgrades to apply the patches (it fails to do so).
"""
# apt list --upgradable 2>/dev/null | grep yakkety-security
liboxideqt-
liboxideqtcore0
liboxideqtquick
oxideqt-
# unattended-upgrade --dry-run -v
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,
Option --dry-run given, *not* performing real actions
Packages that will be upgraded:
<no output>
"""
information type: | Private Security → Public Security |
One package as an example:
""" 0ubuntu0. 16.10.1 18.3-0ubuntu0. 16.10.1 500 updates/ main amd64 Packages security/ main amd64 Packages dpkg/status
# apt-cache policy liboxideqtcore0
liboxideqtcore0:
Installed: 1.17.9-0ubuntu1
Candidate: 1.18.3-
Version table:
1.
500 ... yakkety-
500 ... yakkety-
*** 1.17.9-0ubuntu1 500
500 ... yakkety/main amd64 Packages
100 /var/lib/
"""