[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp
Thank you for reporting this issue. Have you reported this to the upstream libwebp developers? If not, we encourage you to report it (you can do so here: https://bugs.chromium.org/p/webp/issues/list) and keep us in the loop if possible. Thank you ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libwebp in Ubuntu. https://bugs.launchpad.net/bugs/1919977 Title: heap-buffer-overflow in old libwebp Status in libwebp package in Ubuntu: New Bug description: I found an overflow error when testing the security of ImageMagick on ubuntu20.02. The error exists in the libwebp library, and the old version is used in the system source. When ImageMagick calls the libwebp library to parse the webp file, an overflow occurs. system info: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal Edith by issues:https://github.com/ImageMagick/ImageMagick/issues/3403 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libwebp/+bug/1919977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1891953] Re: CVE-2019-8936
Apologies for the delay on this, it fell off our radar but we're working on the Focal+ updates now. And no need for the separate Groovy debdiff, thanks Brian! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1891953 Title: CVE-2019-8936 Status in ntp package in Ubuntu: Confirmed Status in ntp source package in Bionic: Fix Released Status in ntp source package in Focal: Confirmed Status in ntp source package in Groovy: Confirmed Status in ntp package in Debian: Fix Released Bug description: It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). https://people.canonical.com/~ubuntu- security/cve/2019/CVE-2019-8936.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1891953/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1913666] [NEW] acl dropped in Focal server image
Public bug reported: The acl package is not shipped by default in the Focal server image (though it looks like libacl1 is still being shipped), it was last shipped in the Bionic server image. Just to double check, was dropping acl intentional? It is a reverse-dependency of LXD if that might be the explanation (as it's now shipped as a snap in Focal rather than the deb in Bionic)? And the same question applies to uidmap, another LXD dependency no longer shipped in the Focal server image. Thank you! ** Affects: acl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to acl in Ubuntu. https://bugs.launchpad.net/bugs/1913666 Title: acl dropped in Focal server image Status in acl package in Ubuntu: New Bug description: The acl package is not shipped by default in the Focal server image (though it looks like libacl1 is still being shipped), it was last shipped in the Bionic server image. Just to double check, was dropping acl intentional? It is a reverse-dependency of LXD if that might be the explanation (as it's now shipped as a snap in Focal rather than the deb in Bionic)? And the same question applies to uidmap, another LXD dependency no longer shipped in the Focal server image. Thank you! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1913666/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1895928] Re: Snap policy module fails to identify snaps if SCM_CREDENTIALS are missing from PA_COMMAND_AUTH request
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1895928 Title: Snap policy module fails to identify snaps if SCM_CREDENTIALS are missing from PA_COMMAND_AUTH request Status in pulseaudio package in Ubuntu: Fix Released Bug description: This bug was discovered while debugging the non-deterministic behaviour of the example program attached to bug 1886854. The snap policy module currently uses the credentials passed in an SCM_CREDENTIALS control message attached to the PA_COMMAND_AUTH request sent by the client. Credentials will only be attached to the message if at least one end of the connection has set the SO_PASSCRED socket option. In normal operation, both the client and server set SO_PASSCRED on their sockets, so this functions normally. The test program on the other bug used an alternative client library that didn't set SO_PASSCRED, which leads to a race between the client sending the PA_COMMAND_AUTH request and the server calling setsockopt(). If the client wins, the server will receive a message with an empty SCM_CREDENTIALS control message (pid=0, uid=65534, gid=65534). When the snap policy module gets these empty credentials, it would try to look up the confinement of pid 0. As there is no such process, the module decides that the client is not a snap. As any lookup via process ID is inherently racy, a better solution would be to use aa_getpeercon() to retrieve the client's security label in pa_native_protocol_connect(), and store it in the pa_client struct. We can then look up this in the policy module when it comes time to do the check. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1895928/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1904775] Re: software-properties-gtk hangs indefinitely if a single source server is down
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1904775 Title: software-properties-gtk hangs indefinitely if a single source server is down Status in software-properties package in Ubuntu: New Bug description: Since this prevents non-technical users from installing critical security updates and does not give them any useful information, I consider it a security issue. A single repository server is down and a bug in software-properties- gtk will prevent non-technical users to continue installing security updates. Example: The Darktable repository is currently offline: https://software.opensuse.org/download.html?project=graphics:darktable:stable=darktable Running sudo apt update clearly shows that one repository is offline. When I open Software Sources app (software-properties-gtk) and it starts to “Refresh Software Cache”, I expect the following: - software sources are being refreshed. - this might take a little longer than normal. - it throws an error and returns to the main screen. - the user can continue normally. In short: it should cope with a server being down. The actual behaviour: - refreshing takes forever. - Ubuntu throws an error saying it hit an error, asking to send the report about software-properties. - I have to manually force close the loading screen. - I can close the main window of software-properties. - when I launch "Software Sources" again, I get an empty square window. This should not happen when a server happens to be down. Running sudo apt update clearly shows that one repository is offline. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: software-properties-gtk 0.98.9.3 ProcVersionSignature: Ubuntu 5.4.0-54.60-generic 5.4.65 Uname: Linux 5.4.0-54-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.12 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: Budgie:GNOME Date: Wed Nov 18 19:59:49 2020 InstallationDate: Installed on 2020-11-18 (0 days ago) InstallationMedia: Ubuntu-Budgie 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731) PackageArchitecture: all SourcePackage: software-properties UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1904775/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1896774] Re: [ASUS UX430UQ] Headphone output stopped working after perfoming dist-upgrade
Hello, In AlsaInfo.txt, under `!!Amixer output`, the Master and Headphone audio output controls are set to off, a possible starting point for debugging this issue may be looking into trying to unset those. The file contents are just writing the output of `/usr/sbin/alsa-info.sh --stdout --no- upload`. For reference, this is part of the output from a Xenial system with working audio: https://pastebin.ubuntu.com/p/2nzBjfpC6C/ Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1896774 Title: [ASUS UX430UQ] Headphone output stopped working after perfoming dist- upgrade Status in alsa-driver package in Ubuntu: New Status in pulseaudio package in Ubuntu: New Bug description: # What happened: - Upgraded packages using: sudo apt-get update && sudo apt-get dist- upgrade - Following packages were installed: pulseaudio-utils:amd64 1:8.0-0ubuntu3.12 1:8.0-0ubuntu3.14 pulseaudio-module-x11:amd64 1:8.0-0ubuntu3.12 1:8.0-0ubuntu3.14 pulseaudio-module-bluetooth:amd64 1:8.0-0ubuntu3.12 1:8.0-0ubuntu3.14 pulseaudio:amd64 1:8.0-0ubuntu3.12 1:8.0-0ubuntu3.14 - Find the complete update log attached (dpkg.log written to update_log_23_09_20.txt) # Bug description: - Loudspeaker works fine. Inserting headphones is detected correctly in sound settings but no physical output is generated on the headphone port. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 4.15.0-118.119~16.04.1-generic 4.15.18 Uname: Linux 4.15.0-118-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.1-0ubuntu2.24 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: pascal 2210 F pulseaudio CurrentDesktop: Unity Date: Wed Sep 23 15:32:02 2020 InstallationDate: Installed on 2018-01-11 (986 days ago) InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH failed Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: pascal 2210 F pulseaudio Symptom_Jack: Black Headphone Out, Left Symptom_Type: No sound at all Title: [UX430UQ, Realtek ALC295, Black Headphone Out, Left] No sound at all UpgradeStatus: Upgraded to xenial on 2018-09-20 (734 days ago) dmi.bios.date: 07/05/2017 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: UX430UQ.302 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: UX430UQ dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrUX430UQ.302:bd07/05/2017:svnASUSTeKCOMPUTERINC.:pnUX430UQ:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnUX430UQ:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.family: UX dmi.product.name: UX430UQ dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1896774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1895839] Re: CVE-2020-24977
** Description changed: + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 - Upstream patch: - https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + Upstream patch: + https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 - GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read - vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Status in libxml2 package in Debian: Unknown Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1895839] Re: CVE-2020-24977
** Description changed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Status in libxml2 package in Debian: Unknown Bug description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1884738] Re: Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in Bluez 5 module
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1884738 Title: Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in Bluez 5 module Status in pulseaudio package in Ubuntu: Fix Released Bug description: I've found a potential double-free bug in Ubuntu's SCO-over-PCM patch in PA. It creates code paths in pa__init() that will free the modargs twice in its failure handler and in pa__done() called from that handler. However, I can't find a way to trigger this with the current version of the code, as the failure mode of the code is pretty small. The way this bug surface is when I tried to fix the "profile" option in Pulseaudio for UBports' Ubuntu Touch, where I made it failed if the requested profile isn't supported, thus creating a failure mode that can trigger this. Side note: are you interested in this patch? The profile option in Xenial is currently not working, but I guess nothing in Ubuntu uses it. I've attached the patch which should fix the bug. I'm not sure if it worths SRU or not, so it's up to you. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1884738/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
