Tenders McChiken

Asked: 2019-10-29 09:29:18 +0800 CST2019-10-29 09:29:18 +0800 CST 2019-10-29 09:29:18 +0800 CST

How do significantly-outdated mirrors affect the security of an ubuntu installation?

I run ubuntu on several internet-facing servers.

I recently discovered that the official ubuntu mirror I was using was severely out of date; When I changed my sources and updated apt, I was surprised with about half a gigabyte's worth of packages that were outdated and in need of updating. Among those packages were apt, linux-base and other packages that I assume are integral to the security of my systems. This confused me because I had assumed that security updates were directly fetched from security.ubuntu.com.

Because of this, I want to ask the following questions:

Does Ubuntu rely on the "freshness" of the primary mirror for its security in any way? Or stated in another way: Can an outdated non-security mirror impede or ubstruct Ubuntu's ability to update itself in any way?
Does the *-security repository contain every single security update issued by canonical during a distribution's lifetime?

Edit 2019-10-29: As requested, here is the sources.list from one of the servers. Note that this the stock file that came with ubuntu. The only change was replacing the urls of the outdated mirror with archive.ubuntu.com. I also took the liberty to limit the scope of my question by breaking it into a small set of simple yes-no questions.

# 

# deb cdrom:[Ubuntu-Server 18.04.2 LTS _Bionic Beaver_ - Release amd64 (20190210)]/ bionic main restricted

#deb cdrom:[Ubuntu-Server 18.04.2 LTS _Bionic Beaver_ - Release amd64 (20190210)]/ bionic main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu/ bionic main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ bionic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ bionic universe
# deb-src http://archive.ubuntu.com/ubuntu/ bionic universe
deb http://archive.ubuntu.com/ubuntu/ bionic-updates universe
# deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu/ bionic multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://archive.ubuntu.com/ubuntu/ bionic-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ bionic-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner

deb http://security.ubuntu.com/ubuntu bionic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
# deb-src http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse

How do significantly-outdated mirrors affect the security of an ubuntu installation?

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?

How do significantly-outdated mirrors affect the security of an ubuntu installation?

0 Answers