[Bug 781132] Re: corrupted /var/lib/apt/lists

gpk gpk at kochanski.org
Fri Jun 3 18:20:29 UTC 2011 

OK, so it's perhaps not a security problem, but it sure is a problem!

>From anyone but an expert's point of view, if that happens, your Ubuntu
system appears to be broken.  One cannot install new software or get
updates.   Worrying error messages will appear.


Proper system behaviour would be to:
(a) detect malformed files before the old files are trashed.
(b) do not throw away the old files until the new ones are confirmed,
(c) Produce an intelligible error message, something on the order of
       "Your attempt to update Ubuntu failed because the updates are corrupted.
         Please check your network connection, check the server, and try again."


** Changed in: aptitude (Ubuntu)
       Status: Invalid => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptitude in Ubuntu.
https://bugs.launchpad.net/bugs/781132

Title:
  corrupted /var/lib/apt/lists

Status in “aptitude” package in Ubuntu:
  New

Bug description:
  Binary package hint: aptitude

  I was connected to a hotel WiFi system that requires you to register
  on a web page to get access.    My access had expired, and I ran
  "aptitude update" and aptitude happily sucked in the hotel's page that
  explains how to register for access, instead of the desired page
  describing packages.     This page ended up in
  /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_natty-
  security_main_i18n_Translation-en and other places.

  As a result, you get error messages, but it seems likely this could
  enable attacks on the system, if the web page were designed to be
  evil, instead of a WiFi registration page.

  Here's a sample error from aptitude search:
  E: Encountered a section with no Package: header
  E: Problem with MergeList /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_natty-security_main_binary-amd64_Packages
  E: The package lists or status file could not be parsed or opened.

  I attach one of the corrupted files (...security.ubuntu
  .com_ubuntu_dists_natty-security_main_binary-amd64_Packages).

  $ lsb_release -rd
  Description:	Ubuntu 11.04
  Release:	11.04
  gpk at nglap:~/notconnected$ 

  $ apt-cache policy aptitude
  E: Encountered a section with no Package: header
  E: Problem with MergeList /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en
  E: The package lists or status file could not be parsed or opened.
  gpk at nglap:~/notconnected$ 

  The system was up to date as of 7 May 2011.

More information about the foundations-bugs mailing list