My question is about a certain scenario: Say I have connected to an unknown wireless or wired network using my ubuntu laptop. The DNS server ip addresses for this network have been set(by the owner of the network or by a malicious hacker) to point to a fake, malicious DNS server set up by that person. Now, I try to update my ubuntu system using the commands
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get dselect-upgrade
Now, the fake DNS server directs one of the repositories(say us.archive.ubuntu.com or packages.medibuntu.org or some other repo) to a false, malicious ip address set up by that person where he has set up a fake, malicious repository. The upgrade process reports to me that there are software upgrades(updates) for my ubuntu system and I give my assent to install those upgrades(updates). So, the fake, malicious upgrades(updates) are installed on my ubuntu system and the malicious guy/hacker has managed to install malware/spyware/viruses on my ubuntu system. Is such a scenario possible?