Author Topic: Suspicious update  (Read 684 times)

Offline Pikolo

  • Trusted User
  • Member
  • *****
  • Posts: 138
  • Karma: 25
  • Peppermint version(s): 8
Suspicious update
« on: November 03, 2016, 04:49:31 pm »
Today (3.11) I ran mintupdate just before hibernating the computer for the day. The list of needed updates was very short:
- curl
- libcurl
- libcurl-gnutls (all the above were updated to version 7.47.0-1ubuntu2.2)
- update-notifier-common to version 3.168.2

I had nothing to do, so I peeked at the update log, which showed a lot of other things being updated. Here is the log in question:
Code:
(Reading database ... 410132 files and directories currently installed.)
Preparing to unpack .../update-notifier-common_3.168.2_all.deb ...
Unpacking update-notifier-common (3.168.2) over (3.168.1) ...
Preparing to unpack .../curl_7.47.0-1ubuntu2.2_amd64.deb ...
Unpacking curl (7.47.0-1ubuntu2.2) over (7.47.0-1ubuntu2.1) ...
Preparing to unpack .../libcurl3-gnutls_7.47.0-1ubuntu2.2_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.47.0-1ubuntu2.2) over (7.47.0-1ubuntu2.1) ...
Preparing to unpack .../libcurl3_7.47.0-1ubuntu2.2_amd64.deb ...
Unpacking libcurl3:amd64 (7.47.0-1ubuntu2.2) over (7.47.0-1ubuntu2.1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu4) ...
Setting up update-notifier-common (3.168.2) ...
flashplugin-installer: processing...
flashplugin-installer: downloading http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20161026.1.orig.tar.gz
Get:1 http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20161026.1.orig.tar.gz [27,2 MB]
Fetched 27,2 MB in 25s (1058 kB/s)                                             
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/adobe-flashplugin_20161026.1.orig.tar.gz' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Installing from local file /var/lib/update-notifier/package-data-downloads/partial/adobe-flashplugin_20161026.1.orig.tar.gz
Flash Plugin installed.
ttf-mscorefonts-installer: processing...
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/andale32.exe
Get:1 http://downloads.sourceforge.net/corefonts/andale32.exe [198 kB]
Fetched 198 kB in 0s (205 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/andale32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/arial32.exe
Get:1 http://downloads.sourceforge.net/corefonts/arial32.exe [554 kB]
Fetched 554 kB in 1s (500 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/arial32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/arialb32.exe
Get:1 http://downloads.sourceforge.net/corefonts/arialb32.exe [168 kB]
Fetched 168 kB in 1s (86,4 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/arialb32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/comic32.exe
Get:1 http://downloads.sourceforge.net/corefonts/comic32.exe [246 kB]
Fetched 246 kB in 0s (338 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/comic32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/courie32.exe
Get:1 http://downloads.sourceforge.net/corefonts/courie32.exe [646 kB]
Fetched 646 kB in 1s (504 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/courie32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/georgi32.exe
Get:1 http://downloads.sourceforge.net/corefonts/georgi32.exe [392 kB]
Fetched 392 kB in 1s (364 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/georgi32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/impact32.exe
Get:1 http://downloads.sourceforge.net/corefonts/impact32.exe [173 kB]
Fetched 173 kB in 0s (267 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/impact32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/times32.exe
Get:1 http://downloads.sourceforge.net/corefonts/times32.exe [662 kB]
Fetched 662 kB in 6s (108 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/times32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/trebuc32.exe
Get:1 http://downloads.sourceforge.net/corefonts/trebuc32.exe [357 kB]
Fetched 357 kB in 1s (336 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/trebuc32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/verdan32.exe
Get:1 http://downloads.sourceforge.net/corefonts/verdan32.exe [352 kB]
Fetched 352 kB in 1s (288 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/verdan32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/webdin32.exe
Get:1 http://downloads.sourceforge.net/corefonts/webdin32.exe [185 kB]
Fetched 185 kB in 0s (211 kB/s)                                               
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/webdin32.exe' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

These fonts were provided by Microsoft "in the interest of cross-
platform compatibility".  This is no longer the case, but they are
still available from third parties.

You are free to download these fonts and use them for your own use,
but you may not redistribute them in modified form, including changes
to the file name or packaging format.

Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/andale32.exe
  extracting fontinst.inf
  extracting andale.inf
  extracting fontinst.exe
  extracting AndaleMo.TTF
  extracting ADVPACK.DLL
  extracting W95INF32.DLL
  extracting W95INF16.DLL

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/arial32.exe
  extracting FONTINST.EXE
  extracting fontinst.inf
  extracting Ariali.TTF
  extracting Arialbd.TTF
  extracting Arialbi.TTF
  extracting Arial.TTF

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/arialb32.exe
  extracting fontinst.exe
  extracting fontinst.inf
  extracting AriBlk.TTF

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/comic32.exe
  extracting fontinst.inf
  extracting Comicbd.TTF
  extracting Comic.TTF
  extracting fontinst.exe

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/courie32.exe
  extracting cour.ttf
  extracting courbd.ttf
  extracting courbi.ttf
  extracting fontinst.inf
  extracting couri.ttf
  extracting fontinst.exe

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/georgi32.exe
  extracting fontinst.inf
  extracting Georgiaz.TTF
  extracting Georgiab.TTF
  extracting Georgiai.TTF
  extracting Georgia.TTF
  extracting fontinst.exe

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/impact32.exe
  extracting fontinst.exe
  extracting Impact.TTF
  extracting fontinst.inf

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/times32.exe
  extracting fontinst.inf
  extracting Times.TTF
  extracting Timesbd.TTF
  extracting Timesbi.TTF
  extracting Timesi.TTF
  extracting FONTINST.EXE

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/trebuc32.exe
  extracting FONTINST.EXE
  extracting trebuc.ttf
  extracting Trebucbd.ttf
  extracting trebucbi.ttf
  extracting trebucit.ttf
  extracting fontinst.inf

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/verdan32.exe
  extracting fontinst.exe
  extracting fontinst.inf
  extracting Verdanab.TTF
  extracting Verdanai.TTF
  extracting Verdanaz.TTF
  extracting Verdana.TTF

All done, no errors.
Extracting cabinet: /var/lib/update-notifier/package-data-downloads/partial/webdin32.exe
  extracting fontinst.exe
  extracting Webdings.TTF
  extracting fontinst.inf
  extracting Licen.TXT

All done, no errors.
All fonts downloaded and installed.
Setting up libcurl3-gnutls:amd64 (7.47.0-1ubuntu2.2) ...
Setting up curl (7.47.0-1ubuntu2.2) ...
Setting up libcurl3:amd64 (7.47.0-1ubuntu2.2) ...
Processing triggers for libc-bin (2.23-0ubuntu4) ...

The thing that got me suspicious was the flash player update. It did not show up in the list of needed updates.
Then there were the font updates. Seriously? Font updates? What can be updated in Arial?

So, did I start the update at the exact moment that the flashplayer and font updates landed on my PC, are they dependencies of any of the updated programs, or is this normal?

Code:
pshem@PiLenovo ~ $ inxi -Fz
System:    Host: PiLenovo Kernel: 4.4.0-45-generic x86_64 (64 bit)
           Desktop: N/A Distro: Peppermint Seven
Machine:   System: LENOVO product: 20257 v: IdeaPad S210 Touch
           Mobo: LENOVO model: Ideapad S210 v: 31900003Std
           Bios: LENOVO v: 80CN15WW date: 04/10/2013
CPU:       Dual core Intel Core i3-3217U (-HT-MCP-) cache: 3072 KB
           clock speeds: max: 1800 MHz 1: 931 MHz 2: 865 MHz 3: 994 MHz
           4: 924 MHz
Graphics:  Card: Intel 3rd Gen Core processor Graphics Controller
           Display Server: X.Org 1.18.4 drivers: intel (unloaded: fbdev,vesa)
           Resolution: 1366x768@59.97hz
           GLX Renderer: Mesa DRI Intel Ivybridge Mobile
           GLX Version: 3.0 Mesa 12.1.0-devel
Audio:     Card Intel 7 Series/C210 Series Family High Definition Audio Controller
           driver: snd_hda_intel
           Sound: Advanced Linux Sound Architecture v: k4.4.0-45-generic
Network:   Card-1: Intel Centrino Wireless-N 2230 driver: iwlwifi
           IF: wlp2s0 state: up mac: <filter>
           Card-2: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169
           IF: enp3s0 state: down mac: <filter>
Drives:    HDD Total Size: 500.1GB (10.6% used)
           ID-1: /dev/sda model: ST500LT012 size: 500.1GB
Partition: ID-1: / size: 47G used: 26G (57%) fs: ext4 dev: /dev/sda7
           ID-2: swap-1 size: 4.17GB used: 0.25GB (6%) fs: swap dev: /dev/dm-0
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 53.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 214 Uptime: 6 days Memory: 1716.6/3830.6MB
           Client: Shell (bash) inxi: 2.2.35
« Last Edit: November 03, 2016, 04:56:09 pm by Pikolo »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25659
  • Karma: 2819
  • "-rw-rw-rw-" .. The Number Of The Beast
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Suspicious update
« Reply #1 on: November 03, 2016, 04:49:31 pm »
To help us help you, ALL new requests for technical support should include basic system information.

If you haven't already done so, please open a terminal (Ctrl+Alt+T) and run the following command:
Code:
inxi -Fz
then copy what was returned in the terminal and post it back here.

This was an automated response but please don't ignore it, providing this information now is highly likely to save time for both you and any prospective respondents and aid in the diagnosis of your problem  .. Thanks in advance :)

Note - Please rest assured there is nothing in the output from that command that could be construed as a 'security risk', the '-z' option makes sure of that by filtering out your MAC address.



If you're not sure how to run the above command or how to post the output back here, please see the video tutorial at the link below:
https://forum.peppermintos.com/index.php/topic,4546.0.html
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline PCNetSpec

Re: Suspicious update
« Reply #2 on: November 03, 2016, 05:09:33 pm »
They probably downloaded to the package cache with the last load of updates, but for whatever reason didn't get installed that time.
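
An added example, not part of any post in this thread: a small Python parser that separates the packages dpkg actually upgraded from the data files fetched by installer helpers while update-notifier-common was being set up, and marks fetches made over plain HTTP or without the drop to the `_apt` user. The sample log is a constructed excerpt in the format of the log posted above; the function and field names are hypothetical.

```python
import re

# Constructed sample: a shortened excerpt in the format of the log posted above.
SAMPLE_LOG = """\
Unpacking update-notifier-common (3.168.2) over (3.168.1) ...
Unpacking curl (7.47.0-1ubuntu2.2) over (7.47.0-1ubuntu2.1) ...
Unpacking libcurl3-gnutls:amd64 (7.47.0-1ubuntu2.2) over (7.47.0-1ubuntu2.1) ...
Setting up update-notifier-common (3.168.2) ...
flashplugin-installer: processing...
flashplugin-installer: downloading http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20161026.1.orig.tar.gz
W: Can't drop privileges for downloading as file '/var/lib/update-notifier/package-data-downloads/partial/adobe-flashplugin_20161026.1.orig.tar.gz' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
ttf-mscorefonts-installer: processing...
ttf-mscorefonts-installer: downloading http://downloads.sourceforge.net/corefonts/andale32.exe
Setting up curl (7.47.0-1ubuntu2.2) ...
"""

UPGRADE = re.compile(r"^Unpacking (\S+) \(([^)\s]+)\) over \(([^)\s]+)\) \.\.\.")
SETUP = re.compile(r"^Setting up (\S+) \(([^)\s]+)\) \.\.\.")
DOWNLOAD = re.compile(r"^(\S+): downloading (\S+)")
UNSANDBOXED = re.compile(r"^W: Can't drop privileges for downloading")


def analyse(log_text):
    """Split a dpkg/apt terminal log into real upgrades and helper downloads."""
    report = {"upgraded": {}, "helper_downloads": [], "unsandboxed_fetches": 0}
    setting_up = None  # package whose configuration step is currently running
    for line in log_text.splitlines():
        if m := UPGRADE.match(line):
            name = m.group(1).split(":")[0]          # strip ":amd64" suffix
            report["upgraded"][name] = (m.group(3), m.group(2))  # (old, new)
        elif m := SETUP.match(line):
            setting_up = m.group(1).split(":")[0]
        elif m := DOWNLOAD.match(line):
            helper, url = m.groups()
            report["helper_downloads"].append({
                "helper": helper,
                "url": url,
                "triggered_while_setting_up": setting_up,
                "was_in_upgrade_list": helper in report["upgraded"],
                "plain_http": url.startswith("http://"),  # unauthenticated transport
            })
        elif UNSANDBOXED.match(line):
            report["unsandboxed_fetches"] += 1       # fetch did not run as _apt
    return report


if __name__ == "__main__":
    for item in analyse(SAMPLE_LOG)["helper_downloads"]:
        print(item)
```

Entries with `was_in_upgrade_list` false and `triggered_while_setting_up` set are the ones to account for when a log shows more activity than the update list did.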