[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
This was fixed in ca-certificates version 20211016 which is what Jammy released with. As of today, all Ubuntu releases from Bionic onward ship 20230311 so marking as fix released. ** Changed in: ca-certificates (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Fix Released Status in ca-certificates package in Debian: Fix Released Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
** Changed in: ca-certificates (Ubuntu) Importance: Undecided => High ** Changed in: ca-certificates (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Triaged Status in ca-certificates package in Debian: Fix Released Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
** Changed in: ca-certificates (Debian) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Confirmed Status in ca-certificates package in Debian: Fix Released Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
** Changed in: ca-certificates (Debian) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Confirmed Status in ca-certificates package in Debian: Fix Committed Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
** Changed in: ca-certificates (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Confirmed Status in ca-certificates package in Debian: New Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
Ah yes, /usr/sbin/update-ca-certificates is deleting the ca- certificates.crt shortly before atomically moving the new version into place. It looks like a fic was committed in debian for this a couple of weeks ago: https://salsa.debian.org/debian/ca-certificates/-/commit/8f8f4a525bd6a6c8a8d13530cda194d60275313d but has not landed there. ** Bug watch added: Debian Bug tracker #920348 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920348 ** Also affects: ca-certificates (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920348 Importance: Unknown Status: Unknown ** Changed in: ca-certificates (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Confirmed Status in ca-certificates package in Debian: Unknown Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: New Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp