[Bug 1224999] [NEW] apt-check fails to see security updates in some circumstances

ski 1224999 at bugs.launchpad.net
Fri Sep 13 14:25:11 UTC 2013 

*** This bug is a security vulnerability ***

Public security bug reported:

Running 12.04LTS with an old kernel package, apt-check fails to tell me
that I am running a vulnerable kernel:

ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/lib/update-notifier/apt-check --human-readable ; echo
ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
3 packages can be updated.
0 updates are security updates.

ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/libnotifier/apt-check -p ; echo
ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
libx11-data
tzdata
libx11-6

here is one such security bug affecting 3.2.0-23, i'd bet there are others:
  http://www.ubuntu.com/usn/usn-1929-1/

** Affects: update-notifier (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1224999

Title:
  apt-check fails to see security updates in some circumstances

Status in “update-notifier” package in Ubuntu:
  New

Bug description:
  Running 12.04LTS with an old kernel package, apt-check fails to tell
  me that I am running a vulnerable kernel:

  ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/lib/update-notifier/apt-check --human-readable ; echo
  ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
  Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
  3 packages can be updated.
  0 updates are security updates.

  ski at nkrumah:~$ dpkg -l | grep linux-image ; cat /proc/version ; /usr/libnotifier/apt-check -p ; echo
  ii  linux-image-3.2.0-23-generic         3.2.0-23.36                       Linux kernel image for version 3.2.0 on 64 bit x86 SMP
  Linux version 3.2.0-23-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012
  libx11-data
  tzdata
  libx11-6

  here is one such security bug affecting 3.2.0-23, i'd bet there are others:
    http://www.ubuntu.com/usn/usn-1929-1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1224999/+subscriptions

More information about the foundations-bugs mailing list