Public bug reported: When using Software Updater (which I believe is software-manager) and *updating the kernel*, password is usually requested. However, there is a way to avoid it. This may be a security vulnerability.
If kernel packages are due for an update and all the updates are performed at the same time, password is requested. On the other hand, if updates are performed in a specific order, password is not requested. How to reproduce it: 1. Update everything, except for the kernel related updates (please look at http://ibin.co/2HOn2ZCX580d ). 2. Next, deselect everything and update "Complete Generic Linux kernel and headers". Then, the only update left is "Linux Kernel Headers for development", which can be performed without password as well. I have seen this behaviour in two machines, for a long time now. Using Ubuntu 14.04.3 update-manager: Installed: 1:0.196.13 Candidate: 1:0.196.13 Version table: *** 1:0.196.13 0 500 http://ar.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 100 /var/lib/dpkg/status 1:0.196.11 0 500 http://ar.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages ** Affects: update-manager (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501177 Title: Updating kernel with update-manager without password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1501177/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
