This is a problem in unattended-upgrades reusing apt.Version objects
after reopening the cache.
python-apt does not verify that objects like versions passed to
apt_pkg.DepCache belong to the same cache. Hence we get out of bounds
writes and memory corruption if these reference cache objects with IDs
outside of the cache range (like dependency 1024 in a cache with 100
dependencies), or, maybe even worse, we mark the wrong things (like set
the candidate for an entirely different package). Hence this was not
detected. I added checks to python-apt now to detect this situation
where possible, and will release that shortly.
** Changed in: unattended-upgrades (Ubuntu Bionic)
Status: Invalid => Triaged
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-apt in Ubuntu.
Status in python-apt package in Ubuntu:
Status in unattended-upgrades package in Ubuntu:
Status in python-apt source package in Bionic:
Status in unattended-upgrades source package in Bionic:
The Ubuntu Error Tracker has been receiving reports about a problem regarding
unattended-upgrades. This problem was most recently seen with package version
0.98ubuntu1, the problem page at
contains more details, including versions of packages affected, stacktrace or
traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software
developer, you can request it at http://forms.canonical.com/reports/.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~touch-packages
Post to : email@example.com
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp