[Touch-packages] [Bug 2100714] [NEW] apt cannot update from security repo

Andrey Thu, 06 Mar 2025 00:15:30 -0800

Public bug reported:

server constantly returns "301 moved permanently" to ... itself, and apt
times out. This feels like a security issue tbh.



```
root@server-02:~# apt update
Hit:1 https://archive.ubuntu.com/ubuntu noble InRelease                         
                                                                                
        
Hit:2 https://archive.ubuntu.com/ubuntu noble-updates InRelease                 
                                                                                
        
Hit:3 https://archive.ubuntu.com/ubuntu noble-backports InRelease               
                                                                                
        
Hit:4 https://download.docker.com/linux/ubuntu noble InRelease                  
                                                                                
        
Hit:5 https://security.ubuntu.com/ubuntu noble-security InRelease
Error: Timeout was reached
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root@server-02:~# 
```


curl -v 


```

root@server-02:~# curl -v https://security.ubuntu.com/ubuntu
* Host security.ubuntu.com:443 was resolved.
* IPv6: 2620:2d:4000:1::101, 2620:2d:4000:1::103, 2620:2d:4002:1::102, 
2620:2d:4000:1::102, 2620:2d:4002:1::103, 2620:2d:4002:1::101
* IPv4: 91.189.91.82, 185.125.190.83, 91.189.91.83, 185.125.190.82, 
185.125.190.81, 91.189.91.81
*   Trying 91.189.91.82:443...
* Connected to security.ubuntu.com (91.189.91.82) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=security.ubuntu.com
*  start date: Feb 12 19:21:44 2025 GMT
*  expire date: May 13 19:21:43 2025 GMT
*  subjectAltName: host "security.ubuntu.com" matched cert's 
"security.ubuntu.com"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed 
using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed 
using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed 
using sha256WithRSAEncryption
* using HTTP/1.x
> GET /ubuntu HTTP/1.1
> Host: security.ubuntu.com
> User-Agent: curl/8.5.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 301 Moved Permanently
< Date: Sun, 02 Mar 2025 20:02:35 GMT
< Server: Apache/2.4.52 (Ubuntu)
< Location: https://security.ubuntu.com/ubuntu/
< Content-Length: 329
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a 
href="https://security.ubuntu.com/ubuntu/";>here</a>.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at security.ubuntu.com Port 443</address>
</body></html>
* Connection #0 to host security.ubuntu.com left intact
root@server-02:~# 
```

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: apt 2.7.14build2
ProcVersionSignature: Ubuntu 6.8.0-53.55-generic 6.8.12
Uname: Linux 6.8.0-53-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
CasperMD5CheckResult: pass
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Sun Mar  2 19:47:19 2025
InstallationDate: Installed on 2024-04-05 (331 days ago)
InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release amd64 
(20230810)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: apt
UpgradeStatus: Upgraded to noble on 2025-02-12 (18 days ago)

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2100714

Title:
  apt cannot update from security repo

Status in apt package in Ubuntu:
  New

Bug description:
  server constantly returns "301 moved permanently" to ... itself, and
  apt times out. This feels like a security issue tbh.

  
  ```
  root@server-02:~# apt update
  Hit:1 https://archive.ubuntu.com/ubuntu noble InRelease                       
                                                                                
          
  Hit:2 https://archive.ubuntu.com/ubuntu noble-updates InRelease               
                                                                                
          
  Hit:3 https://archive.ubuntu.com/ubuntu noble-backports InRelease             
                                                                                
          
  Hit:4 https://download.docker.com/linux/ubuntu noble InRelease                
                                                                                
          
  Hit:5 https://security.ubuntu.com/ubuntu noble-security InRelease
  Error: Timeout was reached
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  All packages are up to date.
  root@server-02:~# 
  ```

  
  curl -v 

  
  ```

  root@server-02:~# curl -v https://security.ubuntu.com/ubuntu
  * Host security.ubuntu.com:443 was resolved.
  * IPv6: 2620:2d:4000:1::101, 2620:2d:4000:1::103, 2620:2d:4002:1::102, 
2620:2d:4000:1::102, 2620:2d:4002:1::103, 2620:2d:4002:1::101
  * IPv4: 91.189.91.82, 185.125.190.83, 91.189.91.83, 185.125.190.82, 
185.125.190.81, 91.189.91.81
  *   Trying 91.189.91.82:443...
  * Connected to security.ubuntu.com (91.189.91.82) port 443
  * ALPN: curl offers h2,http/1.1
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  *  CAfile: /etc/ssl/certs/ca-certificates.crt
  *  CApath: /etc/ssl/certs
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  * TLSv1.3 (IN), TLS handshake, Certificate (11):
  * TLSv1.3 (IN), TLS handshake, CERT verify (15):
  * TLSv1.3 (IN), TLS handshake, Finished (20):
  * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  * TLSv1.3 (OUT), TLS handshake, Finished (20):
  * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
  * ALPN: server accepted http/1.1
  * Server certificate:
  *  subject: CN=security.ubuntu.com
  *  start date: Feb 12 19:21:44 2025 GMT
  *  expire date: May 13 19:21:43 2025 GMT
  *  subjectAltName: host "security.ubuntu.com" matched cert's 
"security.ubuntu.com"
  *  issuer: C=US; O=Let's Encrypt; CN=R11
  *  SSL certificate verify ok.
  *   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed 
using sha256WithRSAEncryption
  *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed 
using sha256WithRSAEncryption
  *   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed 
using sha256WithRSAEncryption
  * using HTTP/1.x
  > GET /ubuntu HTTP/1.1
  > Host: security.ubuntu.com
  > User-Agent: curl/8.5.0
  > Accept: */*
  > 
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * old SSL session ID is stale, removing
  < HTTP/1.1 301 Moved Permanently
  < Date: Sun, 02 Mar 2025 20:02:35 GMT
  < Server: Apache/2.4.52 (Ubuntu)
  < Location: https://security.ubuntu.com/ubuntu/
  < Content-Length: 329
  < Content-Type: text/html; charset=iso-8859-1
  < 
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <html><head>
  <title>301 Moved Permanently</title>
  </head><body>
  <h1>Moved Permanently</h1>
  <p>The document has moved <a 
href="https://security.ubuntu.com/ubuntu/";>here</a>.</p>
  <hr>
  <address>Apache/2.4.52 (Ubuntu) Server at security.ubuntu.com Port 
443</address>
  </body></html>
  * Connection #0 to host security.ubuntu.com left intact
  root@server-02:~# 
  ```

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: apt 2.7.14build2
  ProcVersionSignature: Ubuntu 6.8.0-53.55-generic 6.8.12
  Uname: Linux 6.8.0-53-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.28.1-0ubuntu3.3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CloudArchitecture: x86_64
  CloudID: none
  CloudName: none
  CloudPlatform: none
  CloudSubPlatform: config
  Date: Sun Mar  2 19:47:19 2025
  InstallationDate: Installed on 2024-04-05 (331 days ago)
  InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release 
amd64 (20230810)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: apt
  UpgradeStatus: Upgraded to noble on 2025-02-12 (18 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2100714/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2100714] [NEW] apt cannot update from security repo

Reply via email to