[Touch-packages] [Bug 1822590] Re: Found storing user fingerprints without encryption

2019-05-07 Thread Seth Arnold
Incidentally, there's nothing for the AppArmor project to do here -- any confined program will include or not include the fingerprint data as specified in the profile. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ap

[Touch-packages] [Bug 1822590] Re: Found storing user fingerprints without encryption

2019-05-07 Thread Seth Arnold
I'll include as a comment my reply to an email from the reporter: Hello, Note that the Ubuntu security team considers fingerprints to be akin to usernames, rather than passwords. They cannot be changed, they are left on thousands of objects daily, and repeated demonstrations of sensors being 'foo

[Touch-packages] [Bug 1774857] Re: sort doesn't sort and uniq loses data for many non-Latin scripts on UTF-8 locales

2019-04-29 Thread Seth Arnold
Probably related: https://bugzilla.redhat.com/show_bug.cgi?id=1336308 and probably related: https://sourceware.org/git/?p=glibc.git;a=commit;h=b11643c21c5c9d67a69c8ae952e5231ce002e7f1 Thanks ** Bug watch added: Red Hat Bugzilla #1336308 https://bugzilla.redhat.com/show_bug.cgi?id=1336308 --

[Touch-packages] [Bug 1826429] Re: package apparmor 2.13.2-9ubuntu6 failed to install/upgrade: installed apparmor package post-installation script subprocess returned error exit status 1

2019-04-25 Thread Seth Arnold
Hello, this is pretty confusing: coreutils in both 18.10 and 19.04 have mv -Z support, so regardless of which coreutils package was unpacked at the time, the command should have succeeded. Could you do some investigation? which mv mv --help | grep Z ls -l `which mv` dpkg -S `which mv` debsums -as

[Touch-packages] [Bug 1814596] Re: DynamicUser can create setuid binaries when assisted by another process

2019-04-25 Thread Seth Arnold
Thanks Jann ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1814596 Title: DynamicUser can create setu

[Touch-packages] [Bug 1824724] Re: aa-logprof: german translation: ERROR: PromptUser: Ungültiges Tastenkürzel für V: Änderungen ansehen

2019-04-23 Thread Seth Arnold
** Also affects: language-pack-de-base (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to language-pack-de in Ubuntu. https://bugs.launchpad.net/bugs/1824724 Title: aa-logpr

[Touch-packages] [Bug 1824724] Re: aa-logprof: german translation: ERROR: PromptUser: Ungültiges Tastenkürzel für V: Änderungen ansehen

2019-04-23 Thread Seth Arnold
Hello German translators, what's involved in fixing translations and pushing an updated translation package to users? The new strings have broken some AppArmor utilities. I believe the lines that need fixing: language-pack-de_18.04+20190117/data/de/LC_MESSAGES/apparmor-utils.po:msgid "(V)iew Pro

[Touch-packages] [Bug 1824724] Re: aa-logprof: german translation: ERROR: PromptUser: Ungültiges Tastenkürzel für V: Änderungen ansehen

2019-04-23 Thread Seth Arnold
It looks like only the German translations broke the hotkeys. All the others in the apparmor-utils.po files I've got on my local Ubuntu mirror are either: - empty - translated I've prepared a small table for each string you selected to show which languages use empty strings, which languages use t

[Touch-packages] [Bug 1824724] Re: aa-logprof: german translation: ERROR: PromptUser: Ungültiges Tastenkürzel für V: Änderungen ansehen

2019-04-23 Thread Seth Arnold
** Also affects: ubuntu-translations Importance: Undecided Status: New ** Changed in: ubuntu-translations Assignee: (unassigned) => Ubuntu German Translators (ubuntu-l10n-de) ** Also affects: language-pack-de (Ubuntu) Importance: Undecided Status: New -- You received th

[Touch-packages] [Bug 1812316] Re: systemd: lack of seat verification in PAM module permits spoofing active session to polkit

2019-04-23 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1812316 Title: systemd: lack of seat verification in PA

[Touch-packages] [Bug 1823862] Re: disco: unable to use iptables/enable ufw under -virtual kernel

2019-04-11 Thread Seth Forshee
** Changed in: linux (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1823862 Title: disco: unable to use iptables/enable uf

Re: [Touch-packages] [Bug 1823985] Re: isc-dhcp-server can't load leases file with apparmor enabled

2019-04-10 Thread Seth Arnold
On Wed, Apr 10, 2019 at 08:34:47AM -, Lars wrote: > [root@myhost:~]↥ 1 # namei -l /test/var/lib/dhcp/dhcpd.leases > f: /test/var/lib/dhcp/dhcpd.leases > drwxr-xr-x root root / > drwxr-xr-x dhcpd dhcpd test > drwxr-xr-x dhcpd dhcpd var > drwxr-xr-x dhcpd dhcpd lib > drwxr-xr-x dhcpd dhcpd dhcp

[Touch-packages] [Bug 1823862] Re: disco: unable to use iptables/enable ufw under -virtual kernel

2019-04-10 Thread Seth Forshee
** Changed in: linux (Ubuntu) Status: Incomplete => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1823862 Title: disco: unable to use iptables/enable ufw u

[Touch-packages] [Bug 1823862] Re: disco: unable to use iptables/enable ufw under -virtual kernel

2019-04-10 Thread Seth Forshee
** Description changed: + SRU Justification + + Impact: iptables does not work in disco with linux-virtual. + + Fix: Add bpfilter to the generic inclusion list. + + Regression Potential: There are no code changes and thus minimal + potential for regressions. + + Test Case: Verify that bpffilte

[Touch-packages] [Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem

2019-04-10 Thread Seth Forshee
*** This bug is a duplicate of bug 1823862 *** https://bugs.launchpad.net/bugs/1823862 ** This bug has been marked a duplicate of bug 1823862 disco: unable to use iptables/enable ufw under -virtual kernel -- You received this bug notification because you are a member of Ubuntu Touch seede

[Touch-packages] [Bug 1823862] Re: disco: unable to use iptables/enable ufw under -virtual kernel

2019-04-10 Thread Seth Forshee
linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu) Status: Confirmed => Incomplete ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Seth Forshee (sforshee) -- You received this bug notification because you are a member of Ubuntu Touch seeded pack

Re: [Touch-packages] [Bug 1823985] [NEW] isc-dhcp-server can't load leases file with apparmor enabled

2019-04-09 Thread Seth Arnold
On Tue, Apr 09, 2019 at 03:15:26PM -, Lars wrote: > I set a custom leases file in the dhcpd.conf: > lease-file-name "/test/var/lib/dhcp/dhcpd.leases"; > > and created a custom apparmor profile for that in > /etc/apparmor.d/local/usr.sbin.dhcpd: > /test/var/lib/dhcp/dhcpd{,6}.leases* lrw, >

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-08 Thread Seth Arnold
Vital, just scanning version banners is what leads to this problem. Inspecting the package database would be far more reliable. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-08 Thread Seth Arnold
Root, that script is suitable for timing attacks against ssh. This issue is easier to use to enumerate users, but does require a different approach. There was a tool posted to oss-security for this: https://www.openwall.com/lists/oss-security/2018/08/16/1 Thanks -- You received this bug notifica

[Touch-packages] [Bug 1823422] Re: heimdal ftbfs in disco

2019-04-08 Thread Seth Arnold
Hmm, also ugly: test-normalize.c: In function ‘main’: test-normalize.c:159:49: warning: ‘__builtin___snprintf_chk’ output may be truncated before the last format character [-Wformat-truncation=] snprintf(longname, sizeof(longname), "%s/%s", srcdir, filename);

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-05 Thread Seth Arnold
Root, aha! We've finally uncovered the root of the problem. (Sorry. I can't help myself. It's Friday afternoon.) While Qualys' TLS scanner is a top-notch tool that I use regularly, their "security scanner" is sadly not. They have built a tool that checks version numbers. This is not ideal, because

[Touch-packages] [Bug 1823202] Re: HOME points to something not owned by user in sudo

2019-04-04 Thread Seth Arnold
You should use sudo -i to get a clean root login without your local user configuration seeping into the shell. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1823202 Ti

[Touch-packages] [Bug 1823202] Re: HOME points to something not owned by user in sudo

2019-04-04 Thread Seth Arnold
This appears to be the missing context: ╭─rkm@Khadas ~ ╰─➤ sudo -s [oh-my-zsh] Insecure completion-dependent directories detected: drwxr-xr-x 11 rkm rkm 4096 Mar 30 19:19 /home/rkm/.oh-my-zsh drwxr-xr-x 266 rkm rkm 12288 Mar 30 19:19 /home/rkm/.oh-my-zsh/plugins drwxr-xr-x 2 rkm rkm 4096 M

[Touch-packages] [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

2019-04-02 Thread Seth Arnold
Steve Langasek has pointed out that I missed the point of the bug. I'm not comfortable with OPENSSL_TLS_SECURITY_LEVEL=0 in bionic. (Or, indeed, in cosmic either.) We shipped 18.04 LTS with OPENSSL_TLS_SECURITY_LEVEL=1, correct? I don't recall seeing more than a handful of complaints about securi

[Touch-packages] [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

2019-04-02 Thread Seth Arnold
I'm slightly concerned about raising the TLS minimums in our next LTS release without some exposure to it in the 19.10 release. But this plan sounds better than waiting until 20.10 to raise the minimums -- and 19.10 may be too soon to take the step. But we don't have to decide on 19.10 defaults ju

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-01 Thread Seth Arnold
Root, version 1:7.6p1-4ubuntu0.1 included the fix for CVE-2018-15473. Version 1:7.6p1-4ubuntu0.2 is included in the disc image ubuntu-18.04.2-server-amd64: $ sha256sum ubuntu-18.04.2-server-amd64.iso a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5 ubuntu-18.04.2-server-amd64.

[Touch-packages] [Bug 1822370] Re: 19.04 beta openssh-client broken pipe

2019-03-29 Thread Seth Arnold
Hello, Are there any messages in dmesg that look related? Can you ping those hosts? Do you get ssh banners if you run: echo "" | nc x.x.x.x 22 ? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. htt

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-03-29 Thread Seth Arnold
root, version 1:7.6p1-4ubuntu0.1 was published to the archive on November 6th 2018: https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1 https://lists.ubuntu.com/archives/bionic-changes/2018-November/017000.html https://usn.ubuntu.com/3809-1/ A default configuration of Ubuntu 18.04 LTS

[Touch-packages] [Bug 1822335] Re: test general

2019-03-29 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1822335 Title: test general Status in xorg package in Ubuntu: Ne

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-03-28 Thread Seth Arnold
root: sudo apt update && sudo apt upgrade Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1794629 Title: CVE-2018-15473 - User enumeration vulnerability Status in

[Touch-packages] [Bug 1807856] Re: During do-release-upgrade from 18.04 to 18.10: package lxd 3.0.2-0ubuntu1~18.04.1 failed to install/upgrade: new lxd package pre-installation script subprocess retur

2019-03-27 Thread Seth Arnold
I added apport for the python2 -> python3 bug. Thanks ** Also affects: apport (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/

[Touch-packages] [Bug 1818204] Re: Qualcomm Atheros QCA9377 wireless does not work

2019-03-27 Thread Seth Forshee
** Changed in: linux (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1818204 Title: Qualcomm Atheros QCA9377 wir

[Touch-packages] [Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)

2019-03-26 Thread Seth Arnold
I'm sorry Riccardo, I didn't notice the two separate BASH_CMDS issues when I filed the request. The only mention in the changelog is: > This document details the changes between this version, bash-4.4-beta2, > and the previous version, bash-4.4-rc1. >$ > [...] >$ > d. Fixed a bug that allowed as

[Touch-packages] [Bug 1821634] [NEW] BZ2_bzread: [...] Read error (-5: DATA_ERROR_MAGIC)

2019-03-25 Thread Seth Arnold
Public bug reported: I have apt configured to load a wide variety of sources; my apt is using a local squid-deb-proxy on the same system, and the source that is failing is hosted on an archive mirror on my LAN. Today I noticed unexpected results from apt-get update: # apt-get update Hit:1 http:/

[Touch-packages] [Bug 1803441] Re: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)

2019-03-22 Thread Seth Arnold
CVE-2019-9924 Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9924 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1803441 Title: BASH_CMDS is writa

[Touch-packages] [Bug 1821364] Re: xfce4 install on Ubuntu 18.04 has no polkit agent

2019-03-22 Thread Seth Arnold
** Package changed: dbus (Ubuntu) => xfce4 (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1821364 Title: xfce4 install on Ubuntu 18.04 has no polkit agent Status in

[Touch-packages] [Bug 1810241] Re: NULL dereference when decompressing specially crafted archives

2019-03-22 Thread Seth Arnold
Use CVE-2019-9923. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9923 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tar in Ubuntu. https://bugs.launchpad.net/bugs/1810241 Title: NULL dereferen

[Touch-packages] [Bug 1594863] Re: OSK consideration for life cycle changes in unity8 windowed mode

2019-03-20 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyboard in Ubuntu. https://bugs.launchpad.net/bugs/1594863 Title: OSK consideration for life cycle

Re: [Touch-packages] [Bug 1821052] Re: No connexion with mobile broadband

2019-03-20 Thread Seth Arnold
On Wed, Mar 20, 2019 at 07:25:35PM -, Edhelharn wrote: > My sources.list file (updated) : > > #deb http://fr.archive.ubuntu.com/ubuntu/ bionic main restricted > #deb http://fr.archive.ubuntu.com/ubuntu/ bionic-updates main restricted > #deb http://fr.archive.ubuntu.com/ubuntu/ bionic universe

[Touch-packages] [Bug 1821052] Re: No connexion with mobile broadband

2019-03-20 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1821052 Title: No connexion with mobile broadba

[Touch-packages] [Bug 1819817] Re: package libselinux1:amd64 2.7-2build2 failed to install/upgrade: пакет libselinux1:amd64 2.7-2build2 не может быть настроен, так как libselinux1:i386 другой версии (

2019-03-13 Thread Seth Arnold
Hello, dpkg: ошибка при обработке пакета libselinux1:amd64 (--configure): пакет libselinux1:amd64 2.7-2build2 не может быть настроен, так как libselinux1:i386 другой версии (2.2.2-1ubuntu0.1) You have an i386 version of 14.04's libselinux1 installed and the upgrade tool tried to install the amd

Re: [Touch-packages] [Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

2019-03-12 Thread Seth Arnold
On Tue, Mar 12, 2019 at 04:05:45PM -, Dimitri John Ledkov wrote: > defaults. And all of them however have committed to drop support for > those in 2020. My expectation is to follow suit, and set default > security level to 2, and require TLS1.2 shortly after 19.10 release. Can you expand upon

[Touch-packages] [Bug 1818679] Re: package openssh-server 1:7.2p2-4ubuntu2.8 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1

2019-03-05 Thread Seth Arnold
Hello, can you please run this command and report back the results? ls -ld / Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1818679 Title: package openssh-server

[Touch-packages] [Bug 1818691] Re: package openssh-server 1:7.2p2-4ubuntu2.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2019-03-05 Thread Seth Arnold
Hello, can you please run this command and report back the results? ls -ld / Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1818691 Title: package openssh-server

[Touch-packages] [Bug 1818564] [NEW] directory permission sanity checks

2019-03-04 Thread Seth Arnold
Public bug reported: Hello, we've received a surprising number of bug reports that include lines from ufw's sanity checks on / permissions are incorrect; it's been a recurring feature of systemd-tmpfiles bug reports as well. I think apport should include a similar report if / /etc /lib /usr /tmp

[Touch-packages] [Bug 1818548] [NEW] namei -l incorrect error message

2019-03-04 Thread Seth Arnold
Public bug reported: Hello, namei -l gives incorrect error messages if a directory is not readable: $ namei -l /etc/ssl/private/ssl-cert-snakeoil.key f: /etc/ssl/private/ssl-cert-snakeoil.key drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drwx--x--- root ssl-

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-27 Thread Seth Arnold
On Thu, Feb 28, 2019 at 04:08:09AM -, Edson José dos Santos wrote: > edson@edson-p6540br:~$ dmesg | grep DENIED > [ 58.334359] audit: type=1400 audit(1551326278.953:59): apparmor="DENIED" > operation="open" profile="/usr/lib/snapd/snap-confine" > name="/opt/eset/esets/lib/libesets_pac.so" p

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-27 Thread Seth Arnold
On Thu, Feb 28, 2019 at 03:04:00AM -, Edson José dos Santos wrote: > Hello Arnold > unix, (connect, send, receive) peer = (addr="@2F746D702F65736574732E736F636B00*"), Excellent, here's the mistake. Remove everything after the comma: unix, Then try the reboot again. -- You received thi

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-27 Thread Seth Arnold
On Wed, Feb 27, 2019 at 12:59:14PM -, Edson José dos Santos wrote: > Hi, Arnold > > At startup the error message is appearing in apparmor and I would like > to know how to generate a log to introduce them to you or just the boot > boot log. In the absence of this I got this other log, where it

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-22 Thread Seth Arnold
Hello snapd friends, Edson has an antivirus tool that requires all processes have write access to a unix domain socket. Adding a rule to /etc/apparmor.d/abstractions/base addressed many profiles but not snapd's snap-confine profile. What's the mechanism for admins to add local rules to this file?

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-22 Thread Seth Arnold
Hi Edson.. so, the last idea I've got is: unix, in /etc/apparmor.d/abstractions/base Do the usual reload, and reboot if it worked, dance. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https:/

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-18 Thread Seth Arnold
On Mon, Feb 18, 2019 at 02:45:16PM -, Edson José dos Santos wrote: > Line replaced successfully: > > From: unix (connect, send, receive) > peer=(addr="@2F746D702F65736574732E736F636B00*"), > > To: unix (connect, send, receive) peer = (addr = "@ > 2F746D702F65736574732E736F636B00 *"), Ah, s

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-18 Thread Seth Arnold
On Mon, Feb 18, 2019 at 01:26:02PM -, Edson José dos Santos wrote: > Is it the same correct procedure? > > /etc/apparmor.d/abstractions/base file: > > unix (connect, send, receive) peer = (addr = "@ > 2F746D702F65736574732E736F636B00 *") > > Then sudo /etc/init.d/apparmor reload > If that ap

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-18 Thread Seth Arnold
Alright, I don't know why that line didn't work. Replace it with this one: unix, it's a lot more open than I'd like, but I don't know why the more specific rule didn't work. So, lets try this. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packag

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-18 Thread Seth Arnold
Hello Edson, Are all those messages after adding this rule to your abstractions/base? unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ap

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-15 Thread Seth Arnold
Hello Edson, thanks for the reply; can you re-run this command and paste back the results? dmesg | grep DENIED Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/157153

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-15 Thread Seth Arnold
Hello Edson, Please add these lines to your /etc/apparmor.d/abstractions/base file: /etc/opt/eset/ r, /etc/opt/eset/** r, /opt/eset/esets/lib/** mr, unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), Then sudo /etc/init.d/apparmor reload If that appeared to

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2019-02-15 Thread Seth Arnold
Hello Edson, what's the output of: dmesg | grep DENIED Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1571531 Title: cupsd cause apparmor denials for /etc/ld.so.

[Touch-packages] [Bug 1816016] Re: package openssh-server 1:7.2p2-4ubuntu2.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2019-02-15 Thread Seth Arnold
This message in your logs indicates that your system is improperly configured: WARN: uid is 0 but '/' is owned by 1000 I suggest heading to #ubuntu on irc.freenode.net or https://askubuntu.com to ask for help from someone. If you go to askubuntu, be sure to paste in the output of ls -l / . Thank

[Touch-packages] [Bug 1815415] Re: please update libseccomp for newer kernel syscalls

2019-02-12 Thread Seth Arnold
Thanks Christian, very thorough. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1815415 Title: please update libseccomp for newer kernel syscalls Status in libseccomp

Re: [Touch-packages] [Bug 1815415] Re: please update libseccomp for newer kernel syscalls

2019-02-11 Thread Seth Arnold
On Mon, Feb 11, 2019 at 07:38:28AM -, Christian Ehrhardt wrote: > @Seth / @Tyler - Hi, you asked for the change, but I'd want to ask for > something as well :-) Do you have any testcases from your security work > that we could reuse here to check the SRU for SRU verificatio

[Touch-packages] [Bug 1815415] Re: please update libseccomp for newer kernel syscalls

2019-02-11 Thread Seth Arnold
Sorry about the question about s390 syscalls in unrelated syscall tables; that patch accurately reflected upstream's code. Looks good to me, thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https:

[Touch-packages] [Bug 1713435] Re: package openssh-server 1:7.2p2-4ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2019-02-08 Thread Seth Arnold
Hi Michael, probably "new bug report" would have been the better choice. See if this will show you more details: journalctl -eu ssh Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launc

[Touch-packages] [Bug 1813833] Re: User without read permission on cron.allow can execute crontab

2019-02-06 Thread Seth Arnold
Hello Brandon, I wasn't able to use an untrusted user account to induce this behaviour. So, I'm making this bug public so that more people can be made aware of the misconfiguration that is being encouraged. It's unfortunate that the providers of this advice never actually tested it themselves. I

[Touch-packages] [Bug 1813833] Re: User without read permission on cron.allow can execute crontab

2019-02-06 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cron in Ubuntu. https://bugs.launchpad.net/bugs/1813833 Title: User without read permission on cron.allow

[Touch-packages] [Bug 1814905] Re: dash exits when receiving wall message

2019-02-06 Thread Seth Arnold
Hello Imre, thanks for the report. I can't reproduce this issue myself, nor could I find anything in the source code that would suggest dash would try to quit. In fact I'm not even sure that dash knows that it's happened. Here's the tail end of strace output (run on the same terminal as dash, to f

[Touch-packages] [Bug 1814586] Re: package openssh-server 1:7.2p2-4ubuntu2.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2019-02-06 Thread Seth Arnold
The easiest way to get that is to unpack a tarball, zip, package, etc., using sudo. Chances are really good *other* files and directories also have incorrect owner or permissions. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subs

[Touch-packages] [Bug 1814895] Re: display blinking and showing content of screen on sleep mode

2019-02-06 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1814895 Title: display blinking and showing content of scr

[Touch-packages] [Bug 1814124] Re: sshd does not start after update

2019-02-04 Thread Seth Arnold
Hello Wojciech, please make sure you're on a new enough version of OpenVZ's kernel, see https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804847 comment #20 for more information. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1814501] Re: package libgssapi-krb5-2:amd64 1.16-2ubuntu0.1 failed to install/upgrade: függőségi hibák - e csomag beállítatlan maradt

2019-02-04 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1814501] Re: package libgssapi-krb5-2:amd64 1.16-2ubuntu0.1 failed to install/upgrade: függőségi hibák - e csomag beállítatlan maradt

2019-02-04 Thread Seth Arnold
Wild guessing here, please try: sudo apt-get install -f sudo apt-get install libk5crypto3:amd64 libk5crypto3:i386 sudo dpkg --configure -a then try again. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubun

[Touch-packages] [Bug 1814443] Re: random freeze

2019-02-04 Thread Seth Arnold
Hello, it looks like you've installed stuff from https://launchpad.net/~oibaf/+archive/ubuntu/graphics-drivers -- you should probably contact them for help. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubunt

[Touch-packages] [Bug 1814443] Re: random freeze

2019-02-04 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session

2019-02-04 Thread Seth Arnold
Hello Don, probably an SRU sponsor would like the debdiff to include references where to find the patch that you applied in upstream sources or other bug reports. The usual way to do so is via a Description: and Origin: header in the patch, see https://dep-team.pages.debian.net/deps/dep3/ for more

[Touch-packages] [Bug 1812247] Re: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation

2019-01-29 Thread Seth Arnold
schamane, thanks for reporting back your success. I've seen this question asked a dozen times and never seen an answer documented. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchp

[Touch-packages] [Bug 1813076] Re: goa crashes when trying to authenticate against google & DUO

2019-01-23 Thread Seth Arnold
Excellent question. If we lie about the version of Safari it might cause other tools to emit HTML etc that it can't parse. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscrib

[Touch-packages] [Bug 1812984] Re: package ca-certificates 20170717~14.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128

2019-01-23 Thread Seth Arnold
** Also affects: debconf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1812984 Title: package ca-certificates

[Touch-packages] [Bug 1804847] Re: systemd=229-4ubuntu21.8 use of fchownat failes on some systems (openvz)

2019-01-11 Thread Seth Arnold
Hello Carlos, the OpenVZ team was kind enough to backport the necessary kernel feature in November last year. After a month and a half we decided that enough time had elapsed for OpenVZ-based service providers to install new kernels. If your provider has not yet rebooted into a new OpenVZ kernel I

Re: [Touch-packages] [Bug 1811248] Re: systemd--networkd mounts denied for lxc guest

2019-01-10 Thread Seth Arnold
On Fri, Jan 11, 2019 at 02:36:30AM -, km wrote: > profile="lxc-container-default-cgns" > > profile lxc-container-default-cgns > flags=(attach_disconnected,mediate_deleted) { > #include > > # the container may never be allowed to mount devpts. If it does, it > # will remount the host'

[Touch-packages] [Bug 1811248] Re: systemd--networkd mounts denied for lxc guest

2019-01-10 Thread Seth Arnold
Could you add to this bug which mount flags are being used by the mount(2) system call that's failed and which mount rules are in the profile? I couldn't find either information in the linked bugs. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packa

[Touch-packages] [Bug 1811051] Re: lxc-templates: too many senseless dependencies

2019-01-09 Thread Seth Arnold
** Package changed: apparmor (Ubuntu) => lxc-templates (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1811051 Title: lxc-templates: too many senseless dependenci

[Touch-packages] [Bug 1810458] Re: do-release-upgrade fails with "No such file or directory: 'gpg'"

2019-01-07 Thread Seth Arnold
** Package changed: apparmor (Ubuntu) => ubuntu-release-upgrader (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1810458 Title: do-release-upgrade fails with "No

[Touch-packages] [Bug 1810183] Re: numpad on touchpad doesn't work in ASUS Zenbook 14

2019-01-02 Thread Seth Arnold
** Information type changed from Private Security to Public ** Package changed: alsa-driver (Ubuntu) => ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1810183 Ti

[Touch-packages] [Bug 1809053] Re: package openssh-server 1:7.6p1-4ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess was killed by signal (Abort

2018-12-18 Thread Seth Arnold
This is sure surprising: (frontend:26097): Pango-WARNING **: 01:57:45.798: font_face status is: out of memory ... Gtk:ERROR:../../../../gtk/gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed (error == NULL): Failed to load /usr/share/icons/Humanity/status/48/imag

[Touch-packages] [Bug 1808493] Re: Let's Encrypt CA Root Certificates missing

2018-12-18 Thread Seth Arnold
Thanks, I'll mark it "invalid" to take it off our radar again. ** Changed in: ca-certificates (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bu

[Touch-packages] [Bug 1808806] Re: ????

2018-12-17 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1808806 Title: Status in xorg package in Ubuntu: New Bug d

[Touch-packages] [Bug 1808493] Re: Let's Encrypt CA Root Certificates missing

2018-12-17 Thread Seth Arnold
Hello Oliver, could you please run the following? ls -l /etc/ssl/certs/ISRG_Root_X1.pem /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt (The first file should be a symbolic link to the second file.) I find the version on my system is identical to the version on the letsencrypt website, with

Re: [Touch-packages] [Bug 1805543] [NEW] Packaged version of iptables doesn't provide --random-fully flag.

2018-11-27 Thread Seth Arnold
On Wed, Nov 28, 2018 at 02:47:10AM -, Paul D wrote: > feature yet. Specifically, it's introduced in this commit on the > iptables codebase: > https://git.netfilter.org/iptables/commit/?id=8b0da2130b8af3890ef20afb2305f11224bb39ec. I think this relies upon this kernel feature: commit 34ce32401

Re: [Touch-packages] [Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

2018-11-26 Thread Seth Arnold
g more constraints. So safe from that POV.  * OTOH one could think this might be a security issue, but in fact this    isn't a new suggestion if you take a look at [1] with an ack by Seth of    the Security Team. [Other Info]  * n/a [1]: https://lists.ubuntu.com/archives

[Touch-packages] [Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

2018-11-26 Thread Seth Arnold
issue, but in fact this    isn't a new suggestion if you take a look at [1] with an ack by Seth of    the Security Team. [Other Info]  * n/a [1]: https://lists.ubuntu.com/archives/apparmor/2015-May/007858.html Merely installing and starting ntp.service in Ubuntu 17.10 no

[Touch-packages] [Bug 1804847] Re: systemd=229-4ubuntu21.8 use of fchownat failes on some systems (openvz)

2018-11-26 Thread Seth Arnold
I'm also curious what filesystems are showing this issue. If you're affected can you please run this command and include the results here? mount | grep run Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ub

[Touch-packages] [Bug 1804076] Re: Xorg freeze

2018-11-19 Thread Seth Arnold
You may need to contact Sophos for support. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1804076 Title: Xorg freeze Status in xorg package in Ubuntu: New Bug de

[Touch-packages] [Bug 1804076] Re: Xorg freeze

2018-11-19 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

[Touch-packages] [Bug 1803915] Re: nose

2018-11-19 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privile

Re: [Touch-packages] [Bug 1802498] Re: AppArmor - Error Messages log files - Mensagens de Erro arquivos de log

2018-11-14 Thread Seth Arnold
On Wed, Nov 14, 2018 at 09:03:13AM -, Rami Hakim wrote: > When ESET v4 was released , AppArmor wasn't available back in the time > it wasn't developed yet. While ESET the company predates AppArmor, AppArmor predates this specific version of ESET NOD32 :) https://web.archive.org/web/281816

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2018-11-13 Thread Seth Arnold
On Sat, Nov 10, 2018 at 06:35:10PM -, Edson José dos Santos wrote: > How do I run this: "/tmp/esets.sock rw" since Eset is already installed? > > The same happens to this: to the /etc/apparmor.d/abstractions/base file > and run: > > This I run it: sudo systemctl reload apparmor > > I am a be

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

2018-11-09 Thread Seth Arnold
Edson, you have a different issue. If you want to use ESET then you should add: /tmp/esets.sock rw, to the /etc/apparmor.d/abstractions/base file and run: sudo systemctl reload apparmor Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, w

[Touch-packages] [Bug 1802038] Re: package openssh-server 1:7.6p1-4ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status

2018-11-06 Thread Seth Arnold
This looks like the source of the trouble: Nov 06 21:09:57 kjhsdgf-ubu sshd[15085]: /etc/ssh/sshd_config line 125: Subsystem 'sftp' already defined. I hope this helps. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1801410] Re: Icons.keep.flashing

2018-11-06 Thread Seth Arnold
Ow, this looks painful: [ OK ] Started Disk Manager. Starting Firmware update daemon... [ ***] (2 of 3) A start job is running for Firmware update daemon (2s / 1min 30s) [ *** ] (3 of 3) A start job is runni

[Touch-packages] [Bug 1800309] Re: not installed during update to ubuntu 18

2018-10-27 Thread Seth Arnold
Hello, please note that you may have a hardware issue, your CPUs are overheating a lot. Try cleaning the fans, heatsinks, etc. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/
