[Bug 1615381] [NEW] apt-get autoremove may remove current kernel

Sun, 21 Aug 2016 06:35:49 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

This may happen, if you boot one of the older kernels, that is not
protected by /etc/apt/apt.conf.d/01autoremove-kernels

Workaround: run 
/etc/kernel/postinst.d/&apt-auto-removal
during each boot (e.g. by using cron).

In shell:

$ uname -r
4.4.0-22-generic
$ apt-get -s autoremove
NOTE: This is only a simulation!
      apt-get needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  linux-headers-4.4.0-21 linux-headers-4.4.0-21-generic linux-headers-4.4.0-22
  linux-headers-4.4.0-22-generic linux-headers-4.4.0-31-generic
  linux-image-4.4.0-21-generic linux-image-4.4.0-22-generic
  linux-image-4.4.0-31-generic linux-image-extra-4.4.0-21-generic
  linux-image-extra-4.4.0-22-generic linux-image-extra-4.4.0-31-generic
0 upgraded, 0 newly installed, 11 to remove and 13 not upgraded.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apt 1.2.12~ubuntu16.04.1
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Sun Aug 21 16:11:27 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-04-28 (114 days ago)
InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.kernel.postinst.d.apt-auto-removal: [modified]
mtime.conffile..etc.kernel.postinst.d.apt-auto-removal: 
2016-07-30T12:15:32.706300

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615381

Title:
  apt-get autoremove may remove current kernel

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1615381/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to