This is a problem in unattended-upgrades reusing apt.Version objects after reopening the cache.
python-apt does not verify that objects like versions passed to apt_pkg.DepCache belong to the same cache. Hence we get out of bounds writes and memory corruption if these reference cache objects with IDs outside of the cache range (like dependency 1024 in a cache with 100 dependencies), or, maybe even worse, we mark the wrong things (like set the candidate for an entirely different package). Hence this was not detected. I added checks to python-apt now to detect this situation where possible, and will release that shortly. ** Changed in: unattended-upgrades (Ubuntu Bionic) Status: Invalid => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1737441 Title: /usr/bin/unattended- upgrade:11:__GI___libc_free:operator:__gnu_cxx::new_allocator:std::allocator_traits:std::__cxx11::basic_string To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1737441/+subscriptions -- ubuntu-bugs mailing list firstname.lastname@example.org https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs