*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Mike Salvatore
(mikesalvatore):
Critical unattended upgrades fixes are missing from the bionic security
repo, which means that if you are using an installation of Ubuntu using
only 'bionic' and 'bionic-security' you can stop unattended-upgrades
from working just by doing a 'rmdir /var/cache/apt/archives/partial'.
This is because the 'rootdir' parameter on the main function is set to
"" rather than "/" - which disables the required directories and files
check.
I'm presuming here that the *-updates pocket is still 'recommended'
rather than 'required'.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: unattended-upgrades 1.1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-96.97-generic 4.15.18
Uname: Linux 4.15.0-96-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 20 12:44:35 2020
InstallationDate: Installed on 2016-04-28 (1452 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
PackageArchitecture: all
SourcePackage: unattended-upgrades
UpgradeStatus: Upgraded to bionic on 2018-08-19 (610 days ago)
modified.conffile..etc.apt.apt.conf.d.10periodic: [modified]
mtime.conffile..etc.apt.apt.conf.d.10periodic: 2018-09-17T10:50:46.904847
** Affects: unattended-upgrades (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: unattended-upgrades (Ubuntu Xenial)
Importance: Undecided
Status: Fix Released
** Affects: unattended-upgrades (Ubuntu Bionic)
Importance: Undecided
Status: Fix Released
** Affects: unattended-upgrades (Ubuntu Eoan)
Importance: Undecided
Status: Fix Released
** Tags: amd64 apport-bug bionic
--
Unattended upgrades fixes missing from security repo
https://bugs.launchpad.net/bugs/1873794
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
