[Bug 1737441] Re: /usr/bin/unattended-upgrade:11:__GI___libc_free:operator:__gnu_cxx::new_allocator:std::allocator_traits:std::__cxx11::basic_string

Julian Andres Klode 1737441 at bugs.launchpad.net
Thu Apr 12 08:21:04 UTC 2018 

This is a problem in unattended-upgrades reusing apt.Version objects
after reopening the cache.

python-apt does not verify that objects like versions passed to
apt_pkg.DepCache belong to the same cache. Hence we get out of bounds
writes and memory corruption if these reference cache objects with IDs
outside of the cache range (like dependency 1024 in a cache with 100
dependencies), or, maybe even worse, we mark the wrong things (like set
the candidate for an entirely different package). Hence this was not
detected. I added checks to python-apt now to detect this situation
where possible, and will release that shortly.


** Changed in: unattended-upgrades (Ubuntu Bionic)
       Status: Invalid => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/1737441

Title:
  /usr/bin/unattended-
  upgrade:11:__GI___libc_free:operator:__gnu_cxx::new_allocator:std::allocator_traits:std::__cxx11::basic_string

Status in python-apt package in Ubuntu:
  In Progress
Status in unattended-upgrades package in Ubuntu:
  Triaged
Status in python-apt source package in Bionic:
  In Progress
Status in unattended-upgrades source package in Bionic:
  Triaged

Bug description:
  The Ubuntu Error Tracker has been receiving reports about a problem regarding unattended-upgrades.  This problem was most recently seen with package version 0.98ubuntu1, the problem page at https://errors.ubuntu.com/problem/727153285ba3335a07f801a298a3d94cbe6ba05d contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1737441/+subscriptions

More information about the foundations-bugs mailing list