*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Binary package hint: aptitude
I was connected to a hotel WiFi system that requires you to register on
a web page to get access. My access had expired, and I ran "aptitude
update" and aptitude happily sucked in the hotel's page that explains
how to register for access, instead of the desired page describing
packages. This page ended up in /var/lib/apt/lists/security.ubuntu
.com_ubuntu_dists_natty-security_main_i18n_Translation-en and other
places.
As a result, you get error messages, but it seems likely this could
enable attacks on the system, if the web page were designed to be evil,
instead of a WiFi registration page.
Here's a sample error from aptitude search:
E: Encountered a section with no Package: header
E: Problem with MergeList
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_natty-security_main_binary-amd64_Packages
E: The package lists or status file could not be parsed or opened.
I attach one of the corrupted files (...security.ubuntu
.com_ubuntu_dists_natty-security_main_binary-amd64_Packages).
$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04
gpk@nglap:~/notconnected$
$ apt-cache policy aptitude
E: Encountered a section with no Package: header
E: Problem with MergeList
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_natty-security_main_i18n_Translation-en
E: The package lists or status file could not be parsed or opened.
gpk@nglap:~/notconnected$
The system was up to date as of 7 May 2011.
** Affects: aptitude (Ubuntu)
Importance: Undecided
Status: New
--
corrupted /var/lib/apt/lists
https://bugs.launchpad.net/bugs/781132
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
