[Bug 1557318] Re: package python-samba 2:4.1.17+dfsg-4ubuntu3.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1557318

Title:
  package python-samba 2:4.1.17+dfsg-4ubuntu3.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1557318/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1546455] Re: Many instances of 'apparmor="DENIED" operation="create" profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec" sock_type="dgram" protocol=0' in syslog
AF_UNSPEC is used in calls to getaddrinfo(3) to request either ipv4 or ipv6 addresses. In the parser, we've been filtering out AF_UNSPEC as an option. It's a simple enough patch to enable it:

Index: b/common/Make.rules === --- a/common/Make.rules +++ b/common/Make.rules @@ -98,7 +98,7 @@ list_capabilities: /usr/include/linux/ca # to mediate. We use PF_ here since that is what is required in # bits/socket.h, but we will rewrite these as AF_. -FILTER_FAMILIES=PF_UNSPEC PF_UNIX +FILTER_FAMILIES=PF_UNIX __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')

However, there's some concern that because the value of AF_UNSPEC is 0, there might be some special handling of that case, or other unexpected issues.

That said, I'm able to reproduce the issue, and adding a rule 'network unspec dgram,' eliminated the rejections that ntpd was creating (whereas adding a rule 'network unspec raw,' as expected, did not).
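Review bot: Dropping PF_UNSPEC from FILTER_FAMILIES in common/Make.rules leaves the comment above the variable unchanged, so nothing records why unspec is now accepted while PF_UNIX stays filtered, and the patch adds no parser test for the new keyword. Extend that comment with the reason (the getaddrinfo(3) use described in the message), and add a regression test that a profile containing 'network unspec dgram,' compiles and round-trips, since the message itself raises the concern that the family's value of 0 may be special-cased.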
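As an added illustration (not part of the original message and not AppArmor project code), this Python script tallies socket-creation denials like the one quoted in the bug title and maps each to the `network <family> <sock_type>,` rule it corresponds to, marking families that the FILTER_FAMILIES line removes from the parser before or after the patch above. The log lines, the `/usr/sbin/exampled` profile and all function names are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed syslog excerpt. The first three lines repeat the denial quoted in
# the bug title; the remaining lines are made up to exercise the filter.
SAMPLE_SYSLOG = """\
Feb 17 09:12:01 host kernel: [ 101.100000] audit: type=1400 audit(1455700321.100:41): apparmor="DENIED" operation="create" profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec" sock_type="dgram" protocol=0
Feb 17 09:15:01 host kernel: [ 281.100000] audit: type=1400 audit(1455700501.100:42): apparmor="DENIED" operation="create" profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec" sock_type="dgram" protocol=0
Feb 17 09:18:01 host kernel: [ 461.100000] audit: type=1400 audit(1455700681.100:43): apparmor="DENIED" operation="create" profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec" sock_type="dgram" protocol=0
Feb 17 09:18:02 host kernel: [ 462.100000] audit: type=1400 audit(1455700682.100:44): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/example.conf" pid=15139 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 17 09:19:00 host kernel: [ 520.100000] audit: type=1400 audit(1455700740.100:45): apparmor="ALLOWED" operation="create" profile="/usr/sbin/exampled" pid=200 comm="exampled" family="inet" sock_type="stream" protocol=6
Feb 17 09:19:05 host kernel: [ 525.100000] audit: type=1400 audit(1455700745.100:46): apparmor="DENIED" operation="create" profile="/usr/sbin/exampled" pid=200 comm="exampled" family="inet" sock_type="raw" protocol=1
Feb 17 09:19:06 host kernel: [ 526.100000] audit: type=1400 audit(1455700746.100:47): apparmor="DENIED" operation="create" profile="/usr/sbin/exampled" pid=200 comm="exampled" family="unix" sock_type="stream" protocol=0
"""

# key=value or key="quoted value" pairs as they appear in AppArmor audit records
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Families named in the two FILTER_FAMILIES lines of the patch in the message:
# PF_UNSPEC PF_UNIX before it, PF_UNIX after it.
PREPATCH_FILTERED = {"unspec", "unix"}
POSTPATCH_FILTERED = {"unix"}


def parse_fields(line):
    """Return the audit record's key/value pairs as a dict of strings."""
    fields = {}
    for m in KV_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def network_denials(text):
    """Yield parsed records that are DENIED and carry socket family/type."""
    for line in text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") == "DENIED" and "family" in f and "sock_type" in f:
            yield f


def summarize(text):
    """Count denials per profile and (family, sock_type) pair."""
    counts = defaultdict(Counter)
    for f in network_denials(text):
        counts[f.get("profile", "?")][(f["family"], f["sock_type"])] += 1
    return counts


def parser_support(family):
    """Say whether the parser accepts this family keyword, per FILTER_FAMILIES."""
    if family in POSTPATCH_FILTERED:
        return "still filtered"
    if family in PREPATCH_FILTERED:
        return "needs patched parser"
    return "ok"


def candidate_rules(text):
    """Map each profile to (rule text, parser support) for every denied pair."""
    return {
        profile: [(f"network {fam} {st},", parser_support(fam))
                  for fam, st in sorted(pairs)]
        for profile, pairs in summarize(text).items()
    }


if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_SYSLOG).items():
        for (rule, support) in rules:
            fam, st = rule.rstrip(",").split()[1:]
            n = summarize(SAMPLE_SYSLOG)[profile][(fam, st)]
            print(f"{profile}: {n} denial(s) -> {rule}  [{support}]")
```

A rule is only a candidate: review whether the profiled program should be creating that socket before adding it.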
[Bug 1527374] Re: CVE-2015-8709
** Description changed:

- A kernel bug in user namespaces allows root in a container to ptrace - host-root-owned tasks during a window of opportunity during lxc-attach / - 'lxc exec', before they drop privilege by doing setuid to the container - root uid. + ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 + mishandles uid and gid mappings, which allows local users to gain + privileges by establishing a user namespace, waiting for a root process + to enter that namespace with an unsafe uid or gid, and then using the + ptrace system call. NOTE: the vendor states "there is no kernel bug + here."
[Bug 1535325] Re: package nginx-core (not installed) failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1527374] Re: privilege escalation on attach through ptrace
Mitre assigned CVE-2015-8709 for this issue.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8709
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8550
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8551
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8552
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8553
[Bug 1512600] Re: package mysql-server-5.6 5.6.27-0ubuntu0.14.04.1 failed to install/upgrade: trying to overwrite '/usr/share/man/man1/innochecksum.1.gz', which is also in package mysql-server-core-5.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Public Security to Public

Title:
  package mysql-server-5.6 5.6.27-0ubuntu0.14.04.1 failed to install/upgrade: trying to overwrite '/usr/share/man/man1/innochecksum.1.gz', which is also in package mysql-server-core-5.6 5.6.25-3+deb.sury.org~trusty+1
[Bug 1501491] Re: Unable to start containers after upgrade to 1.0.7-0ubuntu0.6 on trusty
Packages to address the issue in lxc are currently building in the ubuntu-security-proposed ppa: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ; please test these when they complete to verify that there aren't any additional regressions that have cropped up in this update. Thanks for your patience!

** Changed in: lxc (Ubuntu)
   Importance: Undecided => High
** Changed in: lxc (Ubuntu)
       Status: New => In Progress
[Bug 1495805] Re: package nginx-core 1.9.3-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1495339] Re: package slapd 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1494920] Re: package sa-compile 3.4.0-3ubuntu2.1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 25
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 956574] Re: Remote crash possibility with SIP and the “automon” feature enabled
This has been addressed in all supported Ubuntu releases, closing.

** Changed in: asterisk (Ubuntu)
       Status: Confirmed => Fix Released
** Information type changed from Private Security to Public Security
[Bug 956576] Re: Possible remote enumeration of SIP endpoints with differing NAT settings
This has been addressed in all supported releases of Ubuntu, closing.

** Changed in: asterisk (Ubuntu)
       Status: Confirmed => Fix Released
** Information type changed from Private Security to Public Security
[Bug 956572] Re: Remote unauthenticated sessions - CVE-2012-0885
This has been addressed in all supported Ubuntu releases, closing.

** Changed in: asterisk (Ubuntu)
       Status: Confirmed => Fix Released
** Information type changed from Private Security to Public Security
[Bug 1483341] Re: package exim4-config (not installed) failed to install/upgrade: konflikt balíkov - nebude sa inštalovať exim4-config
Seems to be a dependency conflict that is causing both postfix and exim4 to be installed.
[Bug 1483161] Re: package amavisd-new-postfix 1:2.7.1-2ubuntu3 failed to install/upgrade: podproces nainštalovaný skript post-removal vrátil chybový kód 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 594544] Re: get prompt about modified config file on upgrade from hardy to lucid
dhcp3 was superseded by isc-dhcp between lucid and precise and therefore is not available under any supported Ubuntu release. Marking the task dhcp3 as Won't Fix.

** Changed in: dhcp3 (Ubuntu)
       Status: Confirmed => Won't Fix
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
dhcp3 was superseded by isc-dhcp between lucid and precise and therefore is not available under any supported Ubuntu release. Marking the task dhcp3 as Won't Fix.

** Changed in: dhcp3 (Ubuntu)
       Status: Confirmed => Won't Fix
[Bug 114836] Re: init script version control id not changed
dhcp3 was superseded by isc-dhcp between lucid and precise and therefore is not available under any supported Ubuntu release. Marking the task dhcp3 as Won't Fix.

** Changed in: dhcp3 (Ubuntu)
       Status: Triaged => Won't Fix
[Bug 1483341] Re: package exim4-config (not installed) failed to install/upgrade: konflikt balíkov - nebude sa inštalovať exim4-config
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1446658] Re: lxc-test-apparmor fails on aarch64
Moving this back to lxc, as this doesn't appear to be an apparmor problem.

** Package changed: apparmor (Ubuntu) => lxc (Ubuntu)
[Bug 1476453] Re: package amavisd-new-postfix 1:2.7.1-2ubuntu3 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saída de erro 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1459545] Re: package libapache2-mod-wsgi-py3 4.3.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1450871] Re: xserver crashes ATI AMD Radeon 7700 driver 12.20
** Package changed: openssh (Ubuntu) => xorg (Ubuntu)
[Bug 1449088] Re: package clamav-daemon 0.98.6+dfsg-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2
*** This bug is a duplicate of bug 1438745 ***
    https://bugs.launchpad.net/bugs/1438745

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1438745, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

** Changed in: clamav (Ubuntu)
       Status: New => Confirmed

** This bug has been marked a duplicate of bug 1438745
   package clamav-daemon 0.98.6+dfsg-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2
[Bug 1441369] Re: package init-system-helpers 1.22ubuntu5 failed to install/upgrade: a tentar sobre-escrever '/lib/init/apparmor-profile-load', que também está no pacote upstart-bin 1.13.2-0ubuntu9
** Information type changed from Private Security to Public
[Bug 1437686] Re: NTP connects any 3 min and never stops
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1100877] Re: lxc-start fails after upgrade to raring
** Tags removed: apparmor
[Bug 1411176] Re: Please remove python-oauth2 package from Ubuntu repo
So python-oauth2 has some reverse dependencies:

python-oauth2
Reverse Depends:
  turses
  screenlets-pack-all
  python-django-social-auth
  python-django-oauth-plus

turses was removed from debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779448
python-django-social-auth was removed from debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779447
python-django-oauth-plus was removed from debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779446

screenlets-pack-all (srcpkg indiv-screenlets) is an odd duck; it's a separated out package from the screenlets src package and is newer than the debian version of screenlets (which does not recommend python-auth2). The screenlets upstream is dead, having been deprecated by gnome (http://screenlets.org no longer shows anything). Looking at the indiv-screenlets source, the only Screenlet that makes use of python-oauth2 is the Twitter screenlet.

So either we should just drop the screenlets and indiv-screenlets packages entirely, or disable the Twitter screenlet from the indiv-screenlets package so that the dependency on python-oauth2 can be dropped.

** Bug watch added: Debian Bug tracker #779448
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779448
** Bug watch added: Debian Bug tracker #779447
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779447
** Bug watch added: Debian Bug tracker #779446
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779446
** Also affects: turses (Ubuntu)
   Importance: Undecided
       Status: New
** Changed in: turses (Ubuntu)
       Status: New => Confirmed
** Changed in: turses (Ubuntu)
   Importance: Undecided => Wishlist
** Also affects: python-django-social-auth (Ubuntu)
   Importance: Undecided
       Status: New
** Changed in: python-django-social-auth (Ubuntu)
       Status: New => Confirmed
** Changed in: python-django-social-auth (Ubuntu)
   Importance: Undecided => Wishlist
** Also affects: django-oauth-plus (Ubuntu)
   Importance: Undecided
       Status: New
** Changed in: django-oauth-plus (Ubuntu)
       Status: New => Confirmed
** Changed in: django-oauth-plus (Ubuntu)
   Importance: Undecided => Wishlist
** Also affects: indiv-screenlets (Ubuntu)
   Importance: Undecided
       Status: New
** Changed in: indiv-screenlets (Ubuntu)
       Status: New => Confirmed
[Bug 1424143] Re: lxc-net should attempt to use ip before ifconfig, not vice-versa
Here's the complete sh -xe output from running lxc-net start:

ubuntu@vivid-i386:~$ sudo sh -xe /usr/lib/i386-linux-gnu/lxc/lxc-net start
+ distrosysconfdir=/etc/default
+ localstatedir=/var
+ varrun=/run/lxc
+ USE_LXC_BRIDGE=true
+ LXC_BRIDGE=lxcbr0
+ LXC_ADDR=10.0.3.1
+ LXC_NETMASK=255.255.255.0
+ LXC_NETWORK=10.0.3.0/24
+ LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
+ LXC_DHCP_MAX=253
+ LXC_DHCP_CONFILE=
+ LXC_DOMAIN=
+ [ ! -f /etc/default/lxc ]
+ . /etc/default/lxc
+ MIRROR=http://ubuntu-mirror.nxnw.org/ubuntu
+ LXC_AUTO=true
+ USE_LXC_BRIDGE=false
+ [ -f /etc/default/lxc-net ]
+ . /etc/default/lxc-net
+ USE_LXC_BRIDGE=true
+ LXC_BRIDGE=lxcbr0
+ LXC_ADDR=10.0.3.1
+ LXC_NETMASK=255.255.255.0
+ LXC_NETWORK=10.0.3.0/24
+ LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
+ LXC_DHCP_MAX=253
+ LXC_SHUTDOWN_TIMEOUT=120
+ [ -d /var/lock/subsys ]
+ lockdir=/var/lock/subsys
+ start
+ [ ! -f /var/lock/subsys/lxc-net ]
+ [ xtrue = xtrue ]
+ use_iptables_lock=-w
+ iptables -w -L -n
+ [ -d /sys/class/net/lxcbr0 ]
+ brctl addbr lxcbr0
+ echo 1
+ [ ! -d /run/lxc ]
+ ifup lxcbr0 10.0.3.1 255.255.255.0
+ which ifconfig
+ [ 0 = 0 ]
+ ifconfig lxcbr0 10.0.3.1 netmask 255.255.255.0 up
+ return
+ iptables -w -I INPUT -i lxcbr0 -p udp --dport 67 -j ACCEPT
+ iptables -w -I INPUT -i lxcbr0 -p tcp --dport 67 -j ACCEPT
+ iptables -w -I INPUT -i lxcbr0 -p udp --dport 53 -j ACCEPT
+ iptables -w -I INPUT -i lxcbr0 -p tcp --dport 53 -j ACCEPT
+ iptables -w -I FORWARD -i lxcbr0 -j ACCEPT
+ iptables -w -I FORWARD -o lxcbr0 -j ACCEPT
+ iptables -w -t nat -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
+ iptables -w -t mangle -A POSTROUTING -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ LXC_DOMAIN_ARG=
+ [ -n ]
+ getent passwd lxc-dnsmasq
+ break
+ dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
+ touch /run/lxc/network_up
+ touch /var/lock/subsys/lxc-net
+ exit 0
[Bug 1424143] [NEW] lxc-net should attempt to use ip before ifconfig, not vice-versa
Public bug reported:

The lxc-net script in /usr/lib/$archtriplet/lxc/lxc-net attempts to use ifconfig first and then falls back to trying to use ip(8) in the ifup() and ifdown() shell functions. This behavior should be reversed, as ip has been preferred over ifconfig for several years now.

As an example of why, lxc-net breaks the network setup within virtualbox guests. After starting lxc-net, the route table looks like:

    ubuntu@vivid-i386:~$ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.2.2        0.0.0.0         UG    1024   0        0 eth0
    10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 lxcbr0
    10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

This is despite the following settings in /etc/default/lxc-net:

    LXC_BRIDGE=lxcbr0
    LXC_ADDR=10.0.3.1
    LXC_NETMASK=255.255.255.0
    LXC_NETWORK=10.0.3.0/24

Switching the order in ifup and ifdown to try using ip first results in the correct netmask being applied:

    ubuntu@vivid-i386:~$ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.2.2        0.0.0.0         UG    1024   0        0 eth0
    10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 lxcbr0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

Looking at sh -x output when running lxc-net manually, it *looks* like ifconfig is being invoked correctly, so I don't know why it's getting the netmask wrong:

    + use_iptables_lock=-w
    + iptables -w -L -n
    + [ -d /sys/class/net/lxcbr0 ]
    + brctl addbr lxcbr0
    + echo 1
    + [ ! -d /run/lxc ]
    + ifup lxcbr0 10.0.3.1 255.255.255.0
    + which ifconfig
    + [ 0 = 0 ]
    + ifconfig lxcbr0 10.0.3.1 netmask 255.255.255.0 up
    + return

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.18.0-13.14-generic 3.18.5
Uname: Linux 3.18.0-13-generic i686
ApportVersion: 2.16.1-0ubuntu2
Architecture: i386
Date: Sat Feb 21 00:13:27 2015
InstallationDate: Installed on 2014-12-12 (70 days ago)
InstallationMedia: Ubuntu 15.04 Vivid Vervet - Alpha i386 (20141212)
ProcEnviron:
 TERM=screen
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 XDG_RUNTIME_DIR=set
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
 lxc.network.type = veth
 lxc.network.link = lxcbr0
 lxc.network.flags = up
 lxc.network.hwaddr = 00:16:3e:xx:xx:xx
modified.conffile..etc.default.lxc: [modified]
mtime.conffile..etc.default.lxc: 2015-02-20T18:15:56.552501

** Affects: lxc (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: apparmor apport-bug i386 third-party-packages vivid

https://bugs.launchpad.net/bugs/1424143
[Bug 1424143] Re: lxc-net should attempt to use ip before ifconfig, not vice-versa
And here's the patch to the lxc-net script to prefer ip(8) over ifconfig.

** Patch added: lxc-net-prefer_ip.patch
   https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424143/+attachment/4323815/+files/lxc-net-prefer_ip.patch

https://bugs.launchpad.net/bugs/1424143
[Bug 1424154] Re: apparmor sysfs remount rejection on lxc-start
So the only difference that I can see is that *without* the added remount rule, /proc/mounts contains the following entries for sysfs+/sys/ within the container:

    sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
    sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0

with the added rule, /proc/mounts contains:

    sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
    sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0

(note the 'rw' for the second line of the latter.) I'm guessing the first entry is the mount entry from the container host and the second one is the actual container mount?

https://bugs.launchpad.net/bugs/1424154
[Bug 1424154] [NEW] apparmor sysfs remount rejection on lxc-start
Public bug reported:

When starting up an ubuntu lxc container in vivid, I'm seeing the following apparmor rejection:

    Feb 21 01:30:41 vivid-i386 kernel: [ 2121.606513] audit: type=1400 audit(1424511041.643:125): apparmor=DENIED operation=mount info=failed flags match error=-13 profile=lxc-container-default name=/sys/ pid=20698 comm=mount flags=rw, nosuid, nodev, noexec, remount

The container still started up, and I couldn't see anything problematic within it related to sysfs.

Adding the following remount apparmor rule to /etc/apparmor.d/abstractions/lxc/container-base allows the remount operation to succeed:

    remount options=(rw, nosuid, nodev, noexec) /sys/,

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0-0ubuntu1 [modified: usr/lib/i386-linux-gnu/lxc/lxc-net]
ProcVersionSignature: Ubuntu 3.18.0-13.14-generic 3.18.5
Uname: Linux 3.18.0-13-generic i686
ApportVersion: 2.16.1-0ubuntu2
Architecture: i386
Date: Sat Feb 21 01:43:55 2015
InstallationDate: Installed on 2014-12-12 (70 days ago)
InstallationMedia: Ubuntu 15.04 Vivid Vervet - Alpha i386 (20141212)
ProcEnviron:
 TERM=screen
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 XDG_RUNTIME_DIR=set
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
 lxc.network.type = veth
 lxc.network.link = lxcbr0
 lxc.network.flags = up
 lxc.network.hwaddr = 00:16:3e:xx:xx:xx
modified.conffile..etc.apparmor.d.abstractions.lxc.container.base: [modified]
modified.conffile..etc.default.lxc: [modified]
mtime.conffile..etc.apparmor.d.abstractions.lxc.container.base: 2015-02-21T01:34:23.031703
mtime.conffile..etc.default.lxc: 2015-02-20T18:15:56.552501

** Affects: lxc (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: apparmor apport-bug i386 third-party-packages vivid

https://bugs.launchpad.net/bugs/1424154
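The step from the denial record to the remount rule in the report above can be done mechanically; this is an added example, not code from the bug report or from AppArmor. It assumes the kernel's quoted `key="value"` record form (the archive copy above has lost the quotes), the sample lines are constructed, and the `needs_review` flag for writable remounts under /sys/ or /proc/ is this example's own policy, prompted by the follow-up comment's ro-to-rw observation.

```python
import re
from collections import defaultdict

# Matches key="quoted value" as well as key=bare; audit records mix both forms.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption of this example: writable remounts of these trees get a second look.
_SENSITIVE_PREFIXES = ("/sys/", "/proc/")


def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    fields = {key: (quoted or bare) for key, quoted, bare in _FIELD.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields


def suggest_remount_rule(fields):
    """Turn a denied remount into the matching profile rule, else None."""
    if fields.get("operation") != "mount" or "name" not in fields:
        return None
    flags = [f.strip() for f in fields.get("flags", "").split(",") if f.strip()]
    if "remount" not in flags:
        return None
    options = [f for f in flags if f != "remount"]
    rule = "remount options=(%s) %s," % (", ".join(options), fields["name"])
    needs_review = "rw" in options and fields["name"].startswith(_SENSITIVE_PREFIXES)
    return {"rule": rule, "needs_review": needs_review}


def summarize(lines):
    """Group suggested rules by profile; count denials with no suggestion."""
    rules = defaultdict(dict)      # profile -> {rule text: needs_review}
    unhandled = defaultdict(int)   # (profile, operation) -> count
    for line in lines:
        fields = parse_denial(line)
        if fields is None:
            continue
        profile = fields.get("profile", "?")
        suggestion = suggest_remount_rule(fields)
        if suggestion is None:
            unhandled[(profile, fields.get("operation", "?"))] += 1
        else:
            rules[profile][suggestion["rule"]] = suggestion["needs_review"]
    return dict(rules), dict(unhandled)


# Constructed sample log: the mount denial from the report with quotes restored
# (twice, to show de-duplication), a read-only remount of a made-up path, the
# ntpd socket denial quoted earlier on this page, and a non-denial record.
SAMPLE_LOG = [
    'Feb 21 01:30:41 vivid-i386 kernel: [ 2121.606513] audit: type=1400 '
    'audit(1424511041.643:125): apparmor="DENIED" operation="mount" '
    'info="failed flags match" error=-13 profile="lxc-container-default" '
    'name="/sys/" pid=20698 comm="mount" flags="rw, nosuid, nodev, noexec, remount"',
    'Feb 21 01:31:02 vivid-i386 kernel: [ 2142.100000] audit: type=1400 '
    'audit(1424511062.100:126): apparmor="DENIED" operation="mount" '
    'info="failed flags match" error=-13 profile="lxc-container-default" '
    'name="/sys/" pid=20711 comm="mount" flags="rw, nosuid, nodev, noexec, remount"',
    'Feb 21 01:31:05 vivid-i386 kernel: [ 2145.200000] audit: type=1400 '
    'audit(1424511065.200:127): apparmor="DENIED" operation="mount" '
    'info="failed flags match" error=-13 profile="lxc-container-default" '
    'name="/mnt/data/" pid=20720 comm="mount" flags="ro, remount"',
    'Feb 21 01:32:00 vivid-i386 kernel: [ 2200.000000] audit: type=1400 '
    'audit(1424511120.000:128): apparmor="DENIED" operation="create" '
    'profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec" '
    'sock_type="dgram" protocol=0',
    'Feb 21 01:32:10 vivid-i386 kernel: [ 2210.000000] audit: type=1400 '
    'audit(1424511130.000:129): apparmor="STATUS" operation="profile_load" '
    'name="lxc-container-default" pid=20800 comm="apparmor_parser"',
]

if __name__ == "__main__":
    suggested, skipped = summarize(SAMPLE_LOG)
    for profile, profile_rules in suggested.items():
        for rule, review in profile_rules.items():
            print(profile, rule, "(review before adding)" if review else "")
    print("denials without a suggestion:", skipped)
```
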
[Bug 1421303] Re: mysql does not import apparmor profile correctly
I think I see this as well, simply doing an 'apt-get install mysql-server-5.6' on vivid leaves things in the following state after the installation completes:

    $ sudo aa-status
    [SNIP]
    2 processes are unconfined but have a profile defined.
       /usr/sbin/dnsmasq (665)
       /usr/sbin/mysqld (9186)

which suggests that something is going wrong in the rat's nest of mysql.postinst/invoke-rc.d. Is it possible that somehow the sysv init script /etc/init.d/mysql is getting invoked instead of the upstart job? (... as that script does not load the mysql apparmor profile before starting mysql, unlike the upstart job).

** Tags added: apparmor

https://bugs.launchpad.net/bugs/1421303
[Bug 1420819] Re: ClamAV 0.98.6 security update for Lucid
Thanks, I'm working on this now. I updated the changelog slightly to add a reference to this bug report.

** Information type changed from Private Security to Public Security

** Changed in: clamav (Ubuntu)
   Status: New => In Progress

** Changed in: clamav (Ubuntu)
   Importance: Undecided => Medium

** Changed in: clamav (Ubuntu)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

https://bugs.launchpad.net/bugs/1420819
[Bug 1420819] Re: ClamAV 0.98.6 security update for Lucid
Hi Chris,

Did you do a test build on powerpc? Even with not using llvm, I got a build failure in the unit tests on powerpc. I'll retry the build as sometimes things can be flaky on the powerpc buildds, but the relevant bits from the log are as follows:

    make[3]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    cp input/clamav.hdb clamav.hdb
    CC check_clamav-check_clamav.o
    check_clamav.c: In function 'test_cli_readint16':
    check_clamav.c:708: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
    ../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
    check_clamav.c:713: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
    ../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
    check_clamav.c: In function 'test_cli_readint32':
    check_clamav.c:725: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
    ../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
    check_clamav.c:730: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
    ../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
    check_clamav.c: In function 'test_cli_writeint32':
    check_clamav.c:741: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
    ../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
    check_clamav.c:744: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
    ../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
    check_clamav.c:748: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
    ../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
    check_clamav.c:751: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
    ../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
    CC check_clamav-check_jsnorm.o
    CC check_clamav-check_str.o
    CC check_clamav-check_regex.o
    CC check_clamav-check_disasm.o
    CC check_clamav-check_uniq.o
    CC check_clamav-check_matchers.o
    CC check_clamav-check_htmlnorm.o
    CC check_clamav-check_bytecode.o
    check_bytecode.c: In function 'test_matchwithread_jit':
    check_bytecode.c:255: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
    ../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
    check_bytecode.c: In function 'test_matchwithread_int':
    check_bytecode.c:278: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
    ../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
    check_bytecode.c: At top level:
    check_bytecode.c:463: warning: 'test_retmagic_7_int' defined but not used
    CCLD check_clamav
    CC check_clamd-check_clamd.o
    CCLD check_clamd
    CC check_fpu_endian-check_fpu_endian.o
    CCLD check_fpu_endian
    make[3]: Nothing to be done for `check_freshclam.sh'.
    make[3]: Nothing to be done for `check_sigtool.sh'.
    cat ../unit_tests/.split/split.clam-phish-exeaa ../unit_tests/.split/split.clam-phish-exeab clam-phish-exe
    make[3]: Nothing to be done for `check1_clamscan.sh'.
    make[3]: Nothing to be done for `check2_clamd.sh'.
    make[3]: Nothing to be done for `check3_clamd.sh'.
    make[3]: Nothing to be done for `check4_clamd.sh'.
    make[3]: Nothing to be done for `check5_clamd_vg.sh'.
    make[3]: Nothing to be done for `check6_clamd_vg.sh'.
    make[3]: Nothing to be done for `check7_clamd_hg.sh'.
    make[3]: Nothing to be done for `check8_clamd_hg.sh'.
    make[3]: Nothing to be done for `check9_clamscan_vg.sh'.
    make[3]: Leaving directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    /usr/bin/make check-TESTS
    make[3]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    make[4]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    FAIL: check_clamav
    PASS: check_freshclam.sh
    PASS: check_sigtool.sh
    SKIP: check_unit_vg.sh
    PASS: check1_clamscan.sh
    PASS: check2_clamd.sh
    PASS: check3_clamd.sh
    PASS: check4_clamd.sh
    SKIP: check5_clamd_vg.sh
    SKIP: check6_clamd_vg.sh
    SKIP: check7_clamd_hg.sh
    SKIP: check8_clamd_hg.sh
    SKIP: check9_clamscan_vg.sh
    make[5]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    make[5]: Nothing to be done for `all'.
    make[5]: Leaving directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
    ==
    ClamAV 0.98.6: unit_tests/test-suite.log
    ==
    # TOTAL: 13
    # PASS: 6
    # SKIP: 6
    # XFAIL: 0
    # FAIL: 1
    # XPASS: 0
    # ERROR: 0
    .. contents:: :depth: 2
    FAIL: check_clamav
    ==
    Running suite(s): cl_api cli jsnorm str regex
[Bug 1400736] Re: CVE-2014-9130 libyaml: denial-of-service/application crash with untrusted yaml input
This was addressed in http://www.ubuntu.com/usn/usn-2461-1/ , thanks.

** Changed in: libyaml (Ubuntu)
   Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/1400736
[Bug 485873] Re: logwatch should report apparmor events
This unfortunately doesn't work by default in ubuntu because the setting for audit.conf in /usr/share/logwatch/services/ points to the 'messages' logfile which is no longer used in ubuntu. It should either be 'syslog' or 'kernel'.

A secondary issue is that if auditd is enabled, events will only go to /var/log/audit/audit.log, and there doesn't appear to be a default configuration file for that.

Thanks!

https://bugs.launchpad.net/bugs/485873
[Bug 1050211] Re: (CVE-2012-4244) bind9: specially crafted resource record causes named to exit
Thanks for reporting this, we are aware of it and are working on an update. Marking as public.

** Changed in: bind9 (Ubuntu)
   Importance: Undecided => High

** Visibility changed to: Public

https://bugs.launchpad.net/bugs/1050211
[Bug 1040626] Re: Update user's default tenant partially succeeds without authz
Addressed in Ubuntu 12.10 with keystone 2012.2~rc1~20120906.2517-0ubuntu2.

** Changed in: keystone (Ubuntu)
   Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1040626
[Bug 1040626] Re: Update user's default tenant partially succeeds without authz
This was fixed in Ubuntu 12.04 LTS in http://www.ubuntu.com/usn/usn-1552-1/ but still needs to be fixed in quantal (ubuntu 12.10). Attached is a debdiff to do so.

** Patch added: keystone_2012.2~f3-0ubuntu2.debdiff
   https://bugs.launchpad.net/keystone/+bug/1040626/+attachment/3296627/+files/keystone_2012.2%7Ef3-0ubuntu2.debdiff

** Also affects: keystone (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1040626
[Bug 1040626] Re: Update user's default tenant partially succeeds without authz
** Changed in: keystone (Ubuntu)
   Status: New => Triaged

https://bugs.launchpad.net/bugs/1040626
[Bug 1033920] Re: Dashboard raises a ServiceCatalogException when attempting to download juju settings
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2094

** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2144

https://bugs.launchpad.net/bugs/1033920
[Bug 992447] Re: Communication with store.juju.ubuntu.com is not authenticated
Clint,

FYI, I slightly modified the patch headers to make them DEP-3 compliant (added Subject: lines with brief descriptions of the issues they address).

Unsubscribing ubuntu-security-sponsors since there are no more open tasks for that team to undertake.

Thanks!

https://bugs.launchpad.net/bugs/992447
[Bug 992447] Re: Communication with store.juju.ubuntu.com is not authenticated
Clint,

Thanks, debdiff looks good. I'll push this out today.

** Changed in: juju (Ubuntu Precise)
   Status: Confirmed => In Progress

** Changed in: juju (Ubuntu Precise)
   Assignee: Clint Byrum (clint-fewbar) => Steve Beattie (sbeattie)

https://bugs.launchpad.net/bugs/992447
[Bug 985184] Re: Security groups fail to be set correctly if incorrect case is used for protocol specification
Dave, this was fixed for Ubuntu precise in http://www.ubuntu.com/usn/usn-1466-1/ (2012.1-0ubuntu2.2). Thanks.

** Changed in: nova (Ubuntu Precise)
   Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/985184
[Bug 1015405] Re: ClamAV error: CL_EFORMAT: Bad format or broken data
Thanks Scott, I'm reviewing the natty, oneiric, and precise debdiffs now.

** Changed in: clamav (Ubuntu Natty)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: clamav (Ubuntu Precise)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: clamav (Ubuntu Oneiric)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

https://bugs.launchpad.net/bugs/1015405
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1012

** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1014

** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1015

https://bugs.launchpad.net/bugs/1009422
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
This is a low priority issue due to the required privileges needed to exploit it.

** Changed in: krb5 (Ubuntu)
   Importance: Undecided => Low

https://bugs.launchpad.net/bugs/1009422
[Bug 1010514] Re: Source group based security group rule without protocol and port causes failures
** Changed in: nova (Ubuntu Oneiric)
   Status: New => In Progress

** Changed in: nova (Ubuntu Precise)
   Status: New => In Progress

** Changed in: nova (Ubuntu Oneiric)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: nova (Ubuntu Precise)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

https://bugs.launchpad.net/bugs/1010514
[Bug 1010514] Re: Source group based security group rule without protocol and port causes failures
** Also affects: nova (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1010514
[Bug 289367] Re: camellia cipher does not work in racoon - enable camellia in openssl
This was fixed in oneiric with the introduction of openssl 1.0.0. On precise:

    $ openssl ciphers CAMELLIA
    DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:CAMELLIA128-SHA

Marking this bug report closed. Thanks!

** Changed in: openssl (Ubuntu)
   Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/289367
[Bug 978999] Re: command injection on the host via the xmlrpc api
I believe upstream attempted to address this in https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf

https://bugs.launchpad.net/bugs/978999
[Bug 791758] Re: CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy
Hi,

Sorry for losing track of the issue. I was getting corrupted headers where because one header had multiple NULLs in it, when dovecot wrote the message back, it ended up dropping that header and merging/corrupting another header. The example I came up with was where the original message looked like so:

    From te...@test3.com Tue Nov 28 11:29:34 2007
    Date^@: Tue, 28 Nov 2007 11:29:34 +0100
    ^@From: ( Test User 4 te...@test3.com
    To: Dovecot tester dove...@test.com
    Sub^@ject: Test 3
    Statu^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@s: R

    Stop cracking!

(note that the ^@ are representations of NULL characters). Causing the message to be written back in dovecot results in the following:

    From te...@test3.com Tue Nov 28 11:29:34 2007
    Date^@: Tue, 28 Nov 2007 11:29:34 +0100
    ^@From: ( Test User 4 te...@test3.com
    To: Dovecot tester dove...@test.com
    Sub^@ject: Test X-IMAPbase: 1308694311 01
    X-UID: 1
    Status: O

    Stop cracking!

Note that the fake Subject line has the X-IMAPbase header merged into it. I was not able to get more widespread corruption of the mailbox, but didn't try very hard.

Anyway, dovecot in hardy is not affected by the original crashing issue, and so I'm going to close this specific bug report.

Thanks, and sorry again for the delay in following up with this issue.

** Changed in: dovecot (Ubuntu)
   Status: In Progress => Invalid

** Visibility changed to: Public

https://bugs.launchpad.net/bugs/791758
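A mailbox can be checked for header lines like the ones in the message above before a mail server rewrites it; the scanner below is an added example, not dovecot code or part of the bug report. The mbox content and addresses are constructed, and treating a "From " line as a message separator only at the start of the file or after a blank line is this example's simplification of the mbox format.

```python
def find_nul_headers(mbox_bytes):
    """Return (message_no, line_no, header_name, nul_count) per affected header line.

    Only header blocks are inspected: from a 'From ' separator line up to the
    first blank line. NUL bytes in message bodies are not reported.
    """
    findings = []
    message_no = 0
    in_headers = False
    prev_blank = True  # the start of the file counts as a message boundary
    for line_no, raw in enumerate(mbox_bytes.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if prev_blank and line.startswith(b"From "):
            message_no += 1
            in_headers = True
        elif in_headers and line == b"":
            in_headers = False  # blank line ends the header block
        elif in_headers and b"\x00" in line:
            # Recover the field name a NUL-stripping parser would see.
            name = line.replace(b"\x00", b"").split(b":", 1)[0].strip()
            findings.append(
                (message_no, line_no, name.decode("ascii", "replace"),
                 line.count(b"\x00"))
            )
        prev_blank = (line == b"")
    return findings


# Constructed sample: message 1 mirrors the header pattern from the comment
# above (NULs inside and before field names); message 2 has clean headers and
# a NUL only in its body.
SAMPLE_MBOX = (
    b"From tester@example.com Tue Nov 28 11:29:34 2007\n"
    b"Date\x00: Tue, 28 Nov 2007 11:29:34 +0100\n"
    b"\x00From: Test User 4 <tester@example.com>\n"
    b"To: Dovecot tester <dovecot@example.com>\n"
    b"Sub\x00ject: Test 3\n"
    b"Statu" + b"\x00" * 12 + b"s: R\n"
    b"\n"
    b"Stop cracking!\n"
    b"\n"
    b"From clean@example.com Wed Nov 29 09:00:00 2007\n"
    b"Subject: no NULs here\n"
    b"\n"
    b"A body line with a \x00 byte is not a header finding.\n"
)

if __name__ == "__main__":
    for message_no, line_no, name, count in find_nul_headers(SAMPLE_MBOX):
        print("message %d, line %d: header %r contains %d NUL byte(s)"
              % (message_no, line_no, name, count))
```
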
[Bug 986314] [NEW] squid3 missing pie and bind-now hardening options
Public bug reported:

The squid (v2) package had all of the hardening options enabled (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542723) due to squid receiving and parsing network input and the number of and severity of prior security issues; however, with the transition to squid3 some of these options were lost by falling back to the default compiler settings.

STEPS TO REPRODUCE:
1) install the hardening-includes package
2) run '/usr/bin/hardening-check /usr/sbin/squid3'

If all the hardening options were enabled at compile time, the output and return code should be:

  $ hardening-check /usr/sbin/squid3
  /usr/sbin/squid3:
   Position Independent Executable: yes
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: yes
  $ echo $?
  0

However, with the current squid3 version in precise (3.1.19-1ubuntu2), the output and return code are like so:

  $ /usr/bin/hardening-check /usr/sbin/squid3
  /usr/sbin/squid3:
   Position Independent Executable: no, normal executable!
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: no not found!
  $ echo $?
  1

You can also use the test-built-binaries.py script from the lp:qa-regression-testing testsuite, with python-nose to run just the squid portion, like so:

  $ nosetests test-built-binaries.py:BuiltBinariesTest.test_squid -v
  Testing squid ... ok
  --
  Ran 1 test in 3.699s
  OK

** Affects: squid3 (Ubuntu)
   Importance: Undecided
   Status: New
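The ELF fields behind the two failing lines above (PIE and immediate binding), read directly, as an added example that is not part of the bug report and is not hardening-check's own code. It handles 64-bit little-endian ELF only; the PT_INTERP heuristic for PIE and the build_elf() test images are assumptions constructed for the illustration.

```python
import struct
import sys

# Constants from the ELF gABI / <elf.h>
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr
DYN = struct.Struct("<qQ")                 # Elf64_Dyn


def check_elf(data: bytes) -> dict:
    """Report PIE, immediate binding and RELRO for a 64-bit little-endian ELF image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example only handles ELFCLASS64 / little-endian")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    seg_types, dynamic = set(), None
    for i in range(e_phnum):
        ph = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        seg_types.add(ph[0])
        if ph[0] == PT_DYNAMIC:
            dynamic = (ph[2], ph[5])  # p_offset, p_filesz

    bind_now = False
    if dynamic:
        off, size = dynamic
        for pos in range(off, off + size - DYN.size + 1, DYN.size):
            tag, val = DYN.unpack_from(data, pos)
            if tag == DT_NULL:
                break
            # Immediate binding can be recorded in any of three places.
            if (tag == DT_BIND_NOW
                    or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True

    # Assumption (heuristic): ET_DYN with an interpreter is a PIE,
    # ET_DYN without one is an ordinary shared library.
    pie = e_type == ET_DYN and PT_INTERP in seg_types
    has_relro = PT_GNU_RELRO in seg_types
    # RELRO without immediate binding leaves .got.plt writable for lazy binding.
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"pie": pie, "bind_now": bind_now, "relro": relro}


def build_elf(e_type, dyn_entries, with_interp):
    """Constructed test image: ELF header, program headers and a dynamic section only."""
    dyn = b"".join(DYN.pack(t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    ptypes = [PT_DYNAMIC, PT_GNU_RELRO] + ([PT_INTERP] if with_interp else [])
    dyn_off = EHDR.size + PHDR.size * len(ptypes)
    phdrs = b""
    for pt in ptypes:
        off, size = (dyn_off, len(dyn)) if pt == PT_DYNAMIC else (0, 0)
        phdrs += PHDR.pack(pt, 4, off, off, off, size, size, 8)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB, version 1
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(ptypes), 0, 0, 0)
    return ehdr + phdrs + dyn


# Constructed images, not real squid3 binaries.
HARDENED = build_elf(ET_DYN, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)], True)
AS_REPORTED = build_elf(ET_EXEC, [], True)          # same shape as the failing output
LEGACY_TAG = build_elf(ET_DYN, [(DT_BIND_NOW, 0)], True)
SHARED_LIB = build_elf(ET_DYN, [], False)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], check_elf(fh.read()))
    else:
        for name in ("HARDENED", "AS_REPORTED", "LEGACY_TAG", "SHARED_LIB"):
            print(name, check_elf(globals()[name]))
```

The AS_REPORTED image shows what the combination in the report means in practice: "Read-only relocations: yes" together with "Immediate binding: no" is only partial RELRO.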
[Bug 986314] Re: squid3 missing pie and bind-now hardening options
For more details on the hardening options, please see http://wiki.debian.org/Hardening

Attached is a debdiff for precise-proposed SRU that addresses the issue as well as fixes the file descriptor limit in bug 986159. I've built and confirmed both issues locally, as well as performed a modicum of testing to verify that squid3 still functions as expected.

Thanks.

** Patch added: squid3_3.1.19-1ubuntu3.debdiff
   https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/986314/+attachment/3096343/+files/squid3_3.1.19-1ubuntu3.debdiff
[Bug 986159] Re: squid3 open file descriptors limit is set incorrectly
Hi, I've attached a debdiff to bug 986314 that addresses that issue as well as this one for an SRU.
[Bug 986314] Re: squid3 missing pie and bind-now hardening options
** Changed in: squid3 (Ubuntu)
   Importance: Undecided => High

** Tags added: qa-r-t regression-release
[Bug 986159] Re: squid3 open file descriptors limit is set incorrectly
** Changed in: squid3 (Ubuntu)
   Importance: Undecided => Medium
[Bug 986314] Re: squid3 missing pie and bind-now hardening options
** Bug watch added: Debian Bug tracker #669684
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669684

** Also affects: squid3 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669684
   Importance: Unknown
   Status: Unknown
[Bug 969228] Re: Unable to load another apparmor profile from /etc/apparmor.d/lxc/
Hi, can you attach the profiles in question? That will help in diagnosing the issue.
[Bug 956581] Re: Stack Buffer Overflow in HTTP Manager
** Visibility changed to: Public
[Bug 956580] Re: Remote Crash Vulnerability in Milliwatt Application
** Visibility changed to: Public
[Bug 956578] Re: Remote crash vulnerability in SIP channel driver
** Visibility changed to: Public
[Bug 956581] Re: Stack Buffer Overflow in HTTP Manager
Hi Paul,

When compiling with your added patches, a new compiler warning pops up:

  +chan_sip.c: In function 'parse_register_contact':
  +chan_sip.c:13312:2: warning: implicit declaration of function 'parse_uri_legacy_check' [-Wimplicit-function-declaration]

Grepping through the source, I don't see parse_uri_legacy_check() referenced anywhere except in debian/patches/AST-2011-012.diff; is this actually correct? Was this function added after 1.8.4.4?

I've updated your debdiff to include DEP-3 references and CVE references in the changelog; it's attached. If you end up re-submitting, can you please base off it?

Thanks.

** Patch added: Updated asterisk debdiff
   https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/956581/+attachment/2918077/+files/asterisk_1.8.4.4%7Edfsg-2ubuntu5.debdiff

** Changed in: asterisk (Ubuntu)
   Status: Confirmed => Incomplete
[Bug 959419] Re: package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: sous-processus nouveau script pre-installation tué par le signal (Relais brisé (pipe))
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability
[Bug 877740] Re: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
This was fixed for Ubuntu 8.04 LTS (hardy) in 2.2.8-1ubuntu0.22 as referred to in USN http://www.ubuntu.com/usn/usn-1259-1 ; closing.

** Changed in: apache2 (Ubuntu Hardy)
   Status: In Progress => Fix Released
[Bug 910296] Re: Please backport the upstream patch to prevent attacks based on hash collisions
This was addressed in precise in the 5.3.10-1ubuntu1 merge, closing.

** Changed in: php5 (Ubuntu Precise)
   Status: Confirmed => Fix Released
[Bug 932239] Re: Multiple Samba security vulnerabilities
Note that Ubuntu, like many linux distributions, backports security fixes rather than upgrading to new versions of software to attempt to prevent the introduction of regressions and changes in behavior in released versions of software.

CVE-2010-3069 was addressed in http://www.ubuntu.com/usn/usn-987-1
CVE-2011-2522 and CVE-2011-2694 were addressed in http://www.ubuntu.com/usn/usn-1182-1
CVE-2011-0719 was addressed in http://www.ubuntu.com/usn/usn-1075-1

CVE-2010-1635 and CVE-2010-1642 can only kill the current connection of the attacker, the vulnerabilities do not affect the service as a whole, and as such have negligible security impact. They've also been addressed in maverick and subsequent releases.

What is Manzanita?

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1635
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1642
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3069
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0719
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2522
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2694

** Changed in: samba (Ubuntu)
   Status: New => Invalid
[Bug 932239] Re: Multiple Samba security vulnerabilities
Also, you can check the status yourself of the CVEs we are aware of at the Ubuntu Security cve tracker: http://people.canonical.com/~ubuntu-security/cve/
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Yes, as Ondřej said, all supported releases were affected and the issue was that ini_get('magic_quotes_gpc') was returning the wrong value; magic_quotes_gpc would still get set correctly. Also, get_magic_quotes_gpc() returned the correct value, too.

Fixes for all releases have gone out as http://www.ubuntu.com/usn/usn-1358-2/. Thanks for your patience.
[Bug 923699] Re: Compiling PHP 5 fails due to missing suhosin_patch.c
Hakan, note that the php source package includes a quilt series of patches to be applied in the debian/patches/ directory. This includes the php-suhosin patch which adds the file that make is reporting missing. You may wish to read the Quilt for Debian Maintainers page at http://pkg-perl.alioth.debian.org/howto/quilt.html to understand how to work with them.

** Changed in: php5 (Ubuntu)
   Status: New => Invalid
[Bug 910296] Re: Please backport the upstream patch to prevent attacks based on hash collisions
Yes, this has been fixed in hardy (8.04 LTS); however, I forgot to incorporate the bug number in the changelog entry for the hardy version. You are correct that this issue has not been addressed in precise, yet.

As for CVE-2012-0830, there is no separate bug report; the security team doesn't track all security issues via bug reports due to some inadequacies in launchpad. Issues are tracked publicly in the Ubuntu CVE tracker at http://people.canonical.com/~ubuntu-security/cve/ .

Thanks!

** Changed in: php5 (Ubuntu Hardy)
   Status: Confirmed => Fix Released
[Bug 930115] Re: php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
Ondřej, thanks for diagnosing this issue! I'll review and incorporate your patch and release a regression fix for this shortly after testing locally.

Thanks and my apologies for introducing this regression.

** Changed in: php5 (Ubuntu Lucid)
   Status: Triaged => In Progress

** Changed in: php5 (Ubuntu Lucid)
   Assignee: Canonical Security Team (canonical-security) => Steve Beattie (sbeattie)
[Bug 908154] Re: PHP session garbage collection measured in minutes instead of seconds
Bill,

The /usr/lib/php5/maxlifetime script is already dividing the result by 60; if you run it with the default settings, you will see that it returns 24 (the expected number of minutes). So your patch should not be necessary. Is that not the behavior you see? What does it output if you run it directly?

Ondřej,

Hrm, the issue you're raising, ensuring that a session file that was started more than 24 minutes ago but is still in use doesn't get purged by using fuser, is a separate issue from what Bill is reporting. Can you open a separate bug for that?

Thanks!

** Changed in: php5 (Ubuntu)
   Status: New => Incomplete
[Bug 908154] Re: PHP session garbage collection measured in minutes instead of seconds
** Changed in: php5 (Ubuntu)
   Status: Incomplete => Invalid
[Bug 928550] Re: PHP Comparison Issues ... 0 equates to 'D'
Thanks for taking the time to report this issue and help improve Ubuntu. While from a programmer's perspective it's unexpected behavior, it is correct as documented at: http://php.net/manual/en/language.operators.comparison.php

What's happening is that when comparing a string to a number, php is converting the string (in this case 'D') to a number. Because 'D' isn't a (base 10) number, it treats it as the number 0. And thus 0 == 0 returns true.

Please feel free to report any additional issues you come across. Thanks again!

** Changed in: php5 (Ubuntu)
   Status: New => Invalid
[Bug 910296] Re: Please backport the upstream patch to prevent attacks based on hash collisions
Thanks for reporting this; I am currently working on the update to fix this and other open php issues. I'm aware of the introduced vulnerability CVE-2012-0830 that the fix for this issue introduced (Tom Reed's patch above includes the vulnerability). It's addressed upstream by http://svn.php.net/viewvc?view=revision&revision=323007, plus there's an additional memory leak addressed by http://svn.php.net/viewvc?view=revision&revision=323013.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0830

** Changed in: php5 (Ubuntu Lucid)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Hardy)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Natty)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Maverick)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Oneiric)
   Assignee: (unassigned) => Steve Beattie (sbeattie)
[Bug 750371] Re: squid causing /var to stay busy during shutdown
I was able to reproduce this issue with squid 2.7.STABLE9-2ubuntu5.1, and have verified that the version in maverick-proposed, 2.7.STABLE9-2ubuntu5.2 appears to fix the issue. After upgrading, squid continued to function as expected. Marking verification-done.

** Tags removed: verification-needed
** Tags added: verification-done
[Bug 877740] Re: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
Thanks, Michael, I expect packages to go out in the next couple of days. FYI, the lucid debdiff you posted did not include an edit to debian/patches/00list, so I don't believe it's getting applied in your ppa build.
[Bug 877607] Re: package libapache2-mod-php5 5.3.5-1ubuntu7.3 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd
This appears to be the issue:

  ERROR: Module reqtimeout does not exist!

mod_reqtimeout should be provided by the apache2.2-bin package. Is it installed and in a consistent state?

** Changed in: php5 (Ubuntu)
   Status: New => Incomplete
[Bug 852865] Re: strrchr() functions information leak
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3182
[Bug 877740] Re: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
This was fixed in precise in 2.2.21-2ubuntu1 (see bug 872000). Assigning the other releases to myself.

** Changed in: apache2 (Ubuntu)
   Status: New => Fix Released

** Changed in: apache2 (Ubuntu Hardy)
   Status: New => In Progress

** Changed in: apache2 (Ubuntu Lucid)
   Status: New => In Progress

** Changed in: apache2 (Ubuntu Maverick)
   Status: New => In Progress

** Changed in: apache2 (Ubuntu Natty)
   Status: New => In Progress

** Changed in: apache2 (Ubuntu Oneiric)
   Status: New => In Progress

** Changed in: apache2 (Ubuntu Hardy)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: apache2 (Ubuntu Lucid)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: apache2 (Ubuntu Maverick)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: apache2 (Ubuntu Natty)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: apache2 (Ubuntu Oneiric)
   Assignee: (unassigned) => Steve Beattie (sbeattie)
[Bug 874130] Re: Canonicalize fallback only works for different realm (MITKRB RT #6917)
Unfortunately, the version in oneiric-proposed was superseded by a security update to krb5 (though the versioning of the proposed version doesn't correctly reflect that) in USN 1233-1 http://www.ubuntu.com/usn/usn-1233-1/.

Attached is a debdiff against the version of krb5 in oneiric-security, with a version that supersedes the current version in oneiric-proposed (it also follows the debian krb maintainer's style of applying patches inline while documenting them by placing a copy of the patch in debian/patches).

Thanks, and my apologies that this occurred; the krb5 security update was embargoed until today.
[Bug 874130] Re: Canonicalize fallback only works for different realm (MITKRB RT #6917)
** Patch added: krb5_1.9.1+dfsg-1ubuntu2.1.debdiff
   https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/874130/+attachment/2559171/+files/krb5_1.9.1%2Bdfsg-1ubuntu2.1.debdiff
[Bug 852871] Re: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
Thanks for reporting this issue. It has been addressed in Ubuntu 10.10 (maverick) and newer. For Ubuntu 10.04 LTS (lucid), I'll be applying the upstream fix for it.

For Ubuntu 8.04 LTS (hardy), upstream never fixed this issue in the php 5.2 branch, and backporting the fix is non-trivial and thus has a non-trivial amount of risk to it, while the issue in question is of relatively low risk; it requires a malicious php script in place on the server. Thus this will not be fixed for 8.04.
[Bug 852865] Re: strrchr() functions information leak
Thanks for reporting this issue. This issue only affects Ubuntu 8.04 LTS, despite what the securityfocus link above says. It will be addressed in a forthcoming php update.
[Bug 852871] Re: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
** Changed in: php5 (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: php5 (Ubuntu Hardy)
   Status: New => Won't Fix

** Changed in: php5 (Ubuntu Hardy)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Lucid)
   Status: New => In Progress

** Changed in: php5 (Ubuntu Lucid)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Lucid)
   Assignee: (unassigned) => Steve Beattie (sbeattie)
[Bug 852865] Re: strrchr() functions information leak
** Changed in: php5 (Ubuntu) Status: Confirmed => Fix Released
** Changed in: php5 (Ubuntu Hardy) Status: New => In Progress
** Changed in: php5 (Ubuntu Hardy) Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Hardy) Importance: Undecided => Low
[Bug 871673] Re: APR apr_fnmatch() Denial of Service Vulnerability
Thanks for reporting this issue, which is CVE-2011-0419. It's a vulnerability in apache's apr library, which in Ubuntu is shipped in the separate 'apr' source package, and the apache packages link against it. It was addressed in USN-1134-1 http://www.ubuntu.com/usn/usn-1134-1.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0419
** Changed in: apache2 (Ubuntu) Status: New => Invalid
** Also affects: apr (Ubuntu) Importance: Undecided Status: New
** Changed in: apr (Ubuntu) Status: New => Fix Released
** Visibility changed to: Public
[Bug 852865] Re: strrchr() functions information leak
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2484
[Bug 852868] Re: php5 var_export() information leak
Thanks for reporting this issue; however, it was already addressed in USN 989-1: http://www.ubuntu.com/usn/usn-989-1/.
** Changed in: php5 (Ubuntu) Status: Confirmed => Fix Released
[Bug 852910] Re: PHP Magic Quotes Fails to Protect mysqli_fetch_assoc
Thanks for reporting this issue. PHP in Ubuntu uses libmysqlclient, not mysqlnd, and thus was not affected by this vulnerability.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4700
** Changed in: php5 (Ubuntu) Status: Confirmed => Invalid
[Bug 852885] Re: PHP rfc1867_post_handler File Path Injection Vulnerability
*** This bug is a duplicate of bug 813115 *** https://bugs.launchpad.net/bugs/813115
Thanks for reporting this issue. It had already been reported as bug 813115, which is in progress and which I'm marking this a duplicate of. Please address all further comments around this vulnerability there.
** This bug has been marked a duplicate of bug 813115 CVE-2011-2202
[Bug 813115] Re: CVE-2011-2202
Angel, Thanks, these debdiffs look good, I'll incorporate them as there are other open CVEs for php5 that need to be addressed (see http://people.canonical.com/~ubuntu-security/cve/pkg/php5.html ). Assigning to myself.
** Changed in: php5 (Ubuntu Hardy) Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Lucid) Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Maverick) Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Natty) Assignee: (unassigned) => Steve Beattie (sbeattie)
[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled
Paweł and Upen, thanks for following up. Based on your comments, I'm going to close this bug report; please re-open it if you find any evidence that suggests the fix for CVE-2011-3192 is incomplete. Stefan, thanks for chiming in.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3192
** Changed in: apache2 (Ubuntu) Status: Incomplete => Invalid
[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled
Paweł, Can you confirm that sending a request with an overlapping byte range e.g.:

  HEAD / HTTP/1.1
  Host: localhost
  Range:bytes=1-15,10-35,8-9,14-22,0-5,23-
  Accept-Encoding: gzip
  Connection: close

returns 200 OK? Perhaps you could report what modules you have loaded? apache2ctl -t -D DUMP_MODULES will do it.

I'm going to leave this bug open and make it public, as I've received another report via email of a lucid user claiming that the update didn't help their system, either, and if possible, I'd like them to chime in here, too.
** Visibility changed to: Public
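A defensive check for the kind of Range header quoted in the message above, added here as an example (it is not code from the bug report, Apache or Ubuntu): it resolves the byte ranges and counts how many overlap, so a log review or filtering proxy can flag such requests. The function names, the max_overlaps threshold and the 100-byte resource length are assumptions made for the illustration.

```python
import re

# One byte-range-spec: "first-last", "first-" (open-ended) or "-suffix".
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$", re.ASCII)


def parse_ranges(value, resource_len):
    """Resolve a Range header value to inclusive (first, last) offsets.

    Returns None when the value is not a well-formed "bytes" range set.
    """
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        first, last = m.groups()
        if not first:                      # suffix form: the last N bytes
            start, end = max(resource_len - int(last), 0), resource_len - 1
        else:
            start = int(first)
            end = resource_len - 1 if not last else int(last)
            if last and end < start:
                return None                # last < first is malformed
            end = min(end, resource_len - 1)
        if start <= end:                   # drop unsatisfiable specs
            resolved.append((start, end))
    return resolved


def assess(value, resource_len, max_overlaps=0):
    """Summarise a Range header: range count, overlaps, bytes requested."""
    ranges = parse_ranges(value, resource_len)
    if ranges is None:
        return None
    overlaps, max_end = 0, -1
    for start, end in sorted(ranges):      # sweep in order of first byte
        if start <= max_end:               # begins inside an earlier range
            overlaps += 1
        max_end = max(max_end, end)
    requested = sum(end - start + 1 for start, end in ranges)
    return {"ranges": len(ranges), "overlaps": overlaps,
            "requested_bytes": requested,
            "suspicious": overlaps > max_overlaps}


# Header from the message above; the 100-byte length is a constructed value.
REPORTED = "bytes=1-15,10-35,8-9,14-22,0-5,23-"

if __name__ == "__main__":
    print(assess(REPORTED, 100))
    print(assess("bytes=0-49,50-99", 100))  # constructed benign request
```

For the quoted header the requested byte total exceeds the resource length, which is the property worth alerting on alongside the overlap count.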
[Bug 837991] Re: Update apache2 to 2.2.19-2 to fix CVE-2011-3192
Attached is a debdiff for the merge of apache 2.2.20-1 (I was unable to do this via bzr due to bug 842144). I've verified that the package builds on i386 and amd64 and ran the lp:qa-regression-testing tests against that package, and confirmed that no regressions occur. ** Description changed: CVE-2011-3192 relates to an exploit in Apache that could cause Denial of Service through use of excess range headers. Debian has released an update that fixes this problem (apache2 2.2.19-2) - http://security-tracker.debian.org/tracker/CVE-2011-3192 + + Debian version 2.2.20-1 includes the upstream fix for CVE-2011-3192 as + well as a fix for a regression introduced by that fix + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639825). Both 2.2.19-2 + and 2.2.20-1 are bugfix-only releases: + + +apache2 (2.2.20-1) unstable; urgency=low + + + + * New upstream release. + + * Fix some regressions related to Range requests caused by the CVE-2011-3192 + +fix. Closes: #639825 + + * Add build-arch and build-indep rules targets to make Lintian happy. + + * Bump Standards-Version (no changes). + + + + -- Stefan Fritsch s...@debian.org Sun, 04 Sep 2011 21:50:22 +0200 + + + +apache2 (2.2.19-2) unstable; urgency=high + + + + * Fix CVE-2011-3192: DoS by high memory usage for a large number of + +overlapping ranges. + + * Reduce default KeepAliveTimeout from 15 to 5 seconds. + + * Use linux-any in build-deps. Closes: #634709 + + * Improve reload message of a2enmod. Closes: #639291 + + * Improve description of the prefork MPM. Closes: #634242 + + * Mention .conf files in a2enmod man page. 
Closes: #634834 + + + + -- Stefan Fritsch s...@debian.org Mon, 29 Aug 2011 17:08:17 +0200 + + and the upstream revision 2.2.20 is a bugfix only release as well, see: + http://www.apache.org/dist/httpd/CHANGES_2.2.20 + + There is one user (sysadmin) visible change in 2.2.19-2 to the a2enmod + command's output: + + -info(To to activate the new configuration, you need to run:\n /etc/init.d/apache2 $reload\n) + +info(To activate the new configuration, you need to run:\n service apache2 $reload\n) + + I've verified that the output string does not show up in the current + version of the Ubuntu Server Guide, and contacted the person working on + the apache portion of the Ubuntu Server Guide according to + http://pad.ubuntu.com/serverguide , Gary Roberts + (https://launchpad.net/~ag1t) and confirmed that this change does not + interfere with his intended updates. ** Summary changed: - Update apache2 to 2.2.19-2 to fix CVE-2011-3192 + Please merge apache2 2.2.20-1 to fix CVE-2011-3192+regressions ** Patch added: apache2_2.2.20-1ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/837991/+attachment/2362702/+files/apache2_2.2.20-1ubuntu1.debdiff
[Bug 837991] Re: Please merge apache2 2.2.20-1 to fix CVE-2011-3192+regressions
And here is the debdiff of 2.2.20-1ubuntu1 against 2.2.20-1, to show just the ubuntu changes to the package.
** Patch added: apache2-2.2.20-1_2.2.20-1ubuntu1.diff https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/837991/+attachment/2362703/+files/apache2-2.2.20-1_2.2.20-1ubuntu1.diff
** Changed in: apache2 (Ubuntu) Milestone: None => ubuntu-11.10-beta-2
** Changed in: apache2 (Ubuntu) Importance: Undecided => High
** Changed in: apache2 (Ubuntu) Status: Confirmed => In Progress
[Bug 769354] Re: elinks accepts self-signed ssl certificates without warning
** This bug has been flagged as a security vulnerability