** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918960
Title:
kernel does not honor mokx revocations, allowing kexec lockdown bypa
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
** Package changed: linux-signed-hwe-5.8 (Ubuntu) => linux-hwe-5.8
(Ubuntu)
** Information type changed from Public Security to Public
--
https://bugs.launchpad.net/bugs/1915118
Title:
"
https://lore.kernel.org/lkml/1884195.1615482...@warthog.procyon.org.uk/
is still not upstream.
https://lore.kernel.org/lkml/20210312171232.2681989-1-...@digikod.net/
may also be worth watching.
--
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26541
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1918960
Titl
I have pushed the focal update to the security-proposed ppa at
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages ;
any testing that anyone could give once it is done building would be
appreciated.
Thanks!
--
Hey Etienne,
Thanks for submitting the debdiff. I'm taking a look in more detail, but
on first glance it looks good to me. If all goes well, I'll push it up
to our security-proposed in a bit.
** Changed in: shibboleth-sp (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeat
Thanks for the report. Making this public to get the Desktop team to
take a look at this.
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
This was addressed in https://ubuntu.com/security/notices/USN-4891-1 .
** Information type changed from Private Security to Public Security
** Changed in: openssl (Ubuntu)
Status: New => Fix Released
--
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Hey Milfred, sorry you are hitting this issue.
What Ubuntu release is this? And can you confirm that the desktop
environment you're using is the Ubuntu desktop, and not something else?
Thanks.
** Package changed: ubuntu => gdm3 (Ubuntu)
** Information type changed from Private Security to Public
*** This bug is a duplicate of bug 1532508 ***
https://bugs.launchpad.net/bugs/1532508
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net
Relevant bits from UbiquitySyslog
Mar 28 10:33:20 ubuntu grub-installer: info: Installing grub on '/dev/sdb'
Mar 28 10:33:20 ubuntu grub-installer: info: grub-install does not support --no-floppy
Mar 28 10:33:20 ubuntu grub-installer: info: Running chroot /target grub-install --force "/dev/sdb"
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.
Submitting the bug about the proper source package is essential. For
help see https://wiki.ubuntu.
Hello, sorry you are having this issue.
Unfortunately I am unable to reproduce this, with samba
2:4.11.6+dfsg-0ubuntu1.6 from focal, either by applying iptables rules
manually or enabling firewall rules with ufw:
$ sudo iptables -D INPUT -i lo -j LOG
$ sudo iptables -L INPUT -n
Chain INPUT
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1921941
Title:
samba install flushes iptables and sets all chains to policy accept
Ack by the Ubuntu Security team to move rsyslog-gnutls to main, both for
hirsute, and for bionic, focal, and groovy. Thanks!
--
https://bugs.launchpad.net/bugs/388605
Title:
[MIR] rsyslog
** Information type changed from Private Security to Public
--
https://bugs.launchpad.net/bugs/1919285
Title:
Nvidia
To manage notifications about this bug go to:
https://bugs.launchpad.
Thanks for pointing that out, Krzysztof.
Seth, the reason that I limited the bug report to ppc64 is that Ubuntu
16.04 LTS with its 4.4 based kernel was the last release we supported
32bit powerpc platforms.
--
I reviewed libmd 1.0.3-3build1 as checked into hirsute. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
libmd is a small library of message digest aka hash functions.
- No CVE history.
- No non-essential build-depends.
- No pre/post inst/rm scripts, only a
I reviewed libnginx-mod-http-geoip2/nginx 1.18.0-6ubuntu4 (aka
http-geoip2 3.3 upstream) as checked into hirsute. This shouldn't
be considered a full audit but rather a quick gauge of maintainability.
libnginx-mod-http-geoip2 is an nginx module that registers variables on the
connection based on the p
I have successfully tested these grub2 updates on groovy, focal, bionic,
and xenial bare metal machines with efi + secure boot, as well as a
bionic efi system with secure boot disabled. All worked and things like
grub menus continued to work.
On trusty/esm with the grub packages from esm-infra-sec
Attaching the generated /boot/grub/grub.cfg
** Attachment added: "trusty-ESM-grub.cfg"
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1917529/+attachment/5472023/+files/trusty-ESM-grub.cfg
--
(same grub.cfg is generated with either sets of grub packages installed)
--
https://bugs.launchpad.net/bugs/1917529
Title:
grub2-efi-amd64-signed 1.164+2.04-1ubuntu42 fails to display boo
Public bug reported:
Attempting to boot under secure boot/uefi on trusty ESM with the
following packages installed:
$ dpkg -l 'grub*' | grep ^ii
ii grub-common 2.02~beta2-9ubuntu1.22 amd64 GRand Unified Bootloader (common files)
ii grub-efi-amd64 2.04-1ubuntu42
Public bug reported:
Several security issues were announced on 2021-03-02, see
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021
for details.
As part of this update, a large number of changes were incorporated,
both in grub2 and how it is packaged. Updates will initiall
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1916893
Title:
Regression - upate python2.7 for cover CVE-2021-3177 modifying unico
Oh, this was fixed in https://usn.ubuntu.com/usn/usn-4657-1,
https://usn.ubuntu.com/usn/usn-4658-1,
https://usn.ubuntu.com/usn/usn-4659-1, and
https://usn.ubuntu.com/usn/usn-4660-1 . Marking fix released.
Thanks.
** Information type changed from Private Security to Public Security
** Changed i
I reviewed libdeflate 1.7-1 as checked into hirsute. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
libdeflate is a compression/decompression library for the Deflate
compression algorithm, along with associated command line tools. It is
written in C and doe
Precise has intel-microcode 0.20140624-p-1ubuntu1, closing that task.
** Changed in: intel-microcode (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.
Upstream issue: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
and associated fix
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
Given that this is public upstream, I'm going to open this issue up as
well.
** Bug watch added: gitlab.gnome.or
Hello Yiğit,
Sorry for the delay in responding to this issue. This issue was
originally identified as CVE-2015-1197 and fixed around the same time
frame. It was addressed in upstream cpio commit
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca
in a dif
** Changed in: firefox (Ubuntu)
Status: New => Fix Released
--
https://bugs.launchpad.net/bugs/1910518
Title:
Mozilla Firefox / Firefox ESR Arbitrary Code Execution Vulnerability;
Hello Dimitri,
The source of this is that the linux-aws (and some other cloud-specific)
kernels do not have CONFIG_MICROCODE_OLD_INTERFACE enabled, while they
are enabled in the generic kernel configs.
For consideration, this is the kernel config documentation for this
option:
config MICROCODE
Hello Steve,
Thanks for reporting this issue. In this case, it is believed that the
vulnerability was introduced in screen 4.7.0 (via
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62
), and then fixed in 4.8.0. Ubuntu 18.04 and older versions of scre
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9366
--
https://bugs.launchpad.net/bugs/1915205
Title:
CVE-2020-9366
Hi Shoily,
Coming back around to this issue, it looks like
b431ef837e3374da0db8ff6683170359aaa0859c landed in focal in 5.4.0-49.53
and bionic in 4.15.0-119.120. I'm making this public as well as marking
it as fix released.
Thanks again for the report!
** Information type changed from Private Sec
Hi Adam,
Marking public given the public bug reports elsewhere.
It looks like upstream addressed this in network-manager 1.28, which has
not made it into Ubuntu yet.
** Information type changed from Private Security to Public Security
** Changed in: network-manager (Ubuntu)
Status: New =
Hi, it seems that for some reason cracklib has failed to generate
/var/cache/cracklib/cracklib_dict.pwd (or
/var/cache/cracklib/cracklib_dict.pwd.gz).
There is a daily cronjob that is supposed to regenerate
/var/cache/cracklib/cracklib_dict.pwd if the dictionaries it used as
input are newer. I'm n
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1910220
Title:
Characters from dead keys shown in plan view in password field on
Hello,
Thanks for the report. This issue was addressed in
https://ubuntu.com/security/notices/USN-4687-1 .
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16044
** Information type changed from Private Security to Public Security
--
This issue was addressed in
https://ubuntu.com/security/notices/USN-4691-1 .
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27827
** Changed in: openvswitch (Ubuntu)
Status: New => Fix Released
--
** Package changed: ubuntu => subiquity (Ubuntu)
** Information type changed from Private Security to Public
--
https://bugs.launchpad.net/bugs/1910878
Title:
Ubuntu 21.04 QA Testing Ins
** Changed in: tar (Ubuntu)
Status: New => Triaged
--
https://bugs.launchpad.net/bugs/1912091
Title:
Memory Leak GNU Tar 1.33
** Information type changed from Public Security to Public
--
https://bugs.launchpad.net/bugs/1912371
Title:
[MIR] flashrom
** Summary changed:
- so broken is practically useless
+ light-locker fails to lock screen
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1913976
Title:
light-locker fails to lock screen
** Information type changed from Public Security to Public
--
https://bugs.launchpad.net/bugs/1914228
Title:
the indicator light of the shift key works correctly but the change
Hi Dimitri, I don't know that all dkms SRUs need to go to the security
pockets, but ones that fix build issues surely do, given the problems
that a dkms build failure causes in package installs.
--
Ah yes, /usr/sbin/update-ca-certificates is deleting the
ca-certificates.crt shortly before atomically moving the new version into
place.
It looks like a fix was committed in debian for this a couple of weeks ago:
https://salsa.debian.org/debian/ca-certificates/-/commit/8f8f4a525bd6a6c8a8d13
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Hi, possibly you are facing a corrupted image or a hardware problem,
given:
Feb 8 21:46:53 ubuntu kernel: [ 687.895337] SQUASHFS error: zlib decompression failed, data probably corrupt
Feb 8 21:46:53 ubuntu kernel: [ 687.895345] SQUASHFS error: squashfs_read_data failed to read block 0x2
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Thanks for the report. From the advisory, this particular issue only
affected Firefox on Windows, so this should be a non-issue on Ubuntu:
"Note: This issue only affected Windows operating systems. Other
operating systems are unaffected."
** Information type changed from Private Security to Pu
For fixing this via an SRU for focal and groovy, the Ubuntu Security
team is okay with the result of this going to the security pocket,
assuming the update is built in a ppa where only security updates are
enabled.
Thanks!
--
Hi Brian, thanks for preparing the debdiffs. I built, tested, and
published the updated tzdata packages to the trusty/esm and precise/esm
archives.
--
https://bugs.launchpad.net/bugs/1913482
Hi,
The particular test that is timing out actually is supposed to emit
periodic output to stdout; it basically is running the test program from
kernel commit b4a1b4f5047e4f54e194681125c74c0aa64d637d 10 times and
attempts to emit a count every 1000 iterations, writing to and flushing
stdout.
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1913392
Title:
Security Repository Doesn't Contain USN-4689-4 Fixed Kernel Version
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Summary changed:
- CONFIG_RANDOMIZE_BASE on powerpc / ppc64el
+ CONFIG_RANDOMIZE_BASE on ppc64el
--
https://bugs.lau
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1904082
Title:
apport's log collecting leaks MAC addresses maybe helping WiFi
att
** Information type changed from Private Security to Public Security
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
--
** Changed in: openssl (Ubuntu)
Status: New => Invalid
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1911211
Title:
Pleas
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Oh, I was expecting that it would also be desirable to SRU this back to
focal, as I expected CONFIG_SECURITY_DMESG_RESTRICT to come back with
the HWE kernels, but looking at the config for linux-hwe-5.8, it appears
that the old behavior was kept.
--
*** This bug is a duplicate of bug 1912122 ***
https://bugs.launchpad.net/bugs/1912122
** This bug has been marked a duplicate of bug 1912122
/var/log/dmesg is 0644, should be 0640 to match new DMESG_RESTRICT
restrictions
--
The Ubuntu Security team would like to see this fixed, though it
probably would be worth adding the following change to the service file
so that on log rotation the permissions are corrected as well:
-ExecStartPre=-/usr/bin/savelog -q -p -n -c 5 /var/log/dmesg
+ExecStartPre=-/usr/bin/savelog -m640
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1910608
Title:
openvswitch embedded code copy of lldpd is vulnerable to CVE-2015-80
Hi Brian,
Thanks for the trusty and precise debdiffs. I have gone ahead and
published the updates to trusty-esm and precise-esm, after verifying the
fixes.
--
https://bugs.launchpad.net/bug
I reviewed jq 1.6-2.1 as checked into hirsute. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
jq is a flexible command-line JSON processor. It ends up implementing
its own language for querying and manipulating JSON structures. As such,
there are times wher
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1895298
Title:
After tnstall the Ubuntu, I must disable the "Secure Boot " & " Fast
** Information type changed from Private to Public
--
https://bugs.launchpad.net/bugs/1872036
Title:
grub-customizer assert failure: grub-customizer:
../../src/xcb_io.c:260: poll_for_ev
** Information type changed from Private to Public
--
https://bugs.launchpad.net/bugs/1872831
Title:
grub-customizer crashed with SIGSEGV in
SettingsController::updateTimeoutSettingActi
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
** Information type changed from Private Security to Public Security
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120
--
After confirming the behavior around SystemV timezones and changed
timezones, tzdata 2020d-0ubuntu0.12.04 and tzdata
2020d-0ubuntu0.14.04+esm1 are now published in their respective ESM releases.
Thanks for preparing the updates, Brian!
** Changed in: tzdata (Ubuntu Precise)
Status: In Pro
Hey Vern,
Sorry you were having difficulties. 'sudo apt install -f' should cause
apt to attempt to finish installing packages that had problems during
the post install phase, where the error that is tripped over (like the
dangling symlink in /etc/ssl/certs) has been resolved.
** Changed in: ca-ce
Thanks Brian, these look good, will take these into Trusty and Precise
ESM.
(For the record, I noticed that the 2020d dropped the US/Pacific-New
timezone, which was a symlink to the US/Pacific timezone. Testing
demonstrated that a system with a configured Pacific-New timezone
functioned correctly
** Changed in: tzdata (Ubuntu Precise)
Status: New => In Progress
** Changed in: tzdata (Ubuntu Trusty)
Status: New => In Progress
** Changed in: tzdata (Ubuntu Precise)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: tzdata (Ubuntu Trusty)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3374
--
https://bugs.launchpad.net/bugs/856489
Title:
Improper verification of updated key via apt-key net-update
I reviewed python-octavia-lib 2.2.0-0ubuntu1 as checked into groovy. This
shouldn't be
considered a full audit but rather a quick gauge of maintainability.
python-octavia-lib is a python3 library for developers writing Octavia
load balancer provider drivers.
- No CVE history.
- No concerning bu
I reviewed nvme-cli 1.12-1ubuntu1 as checked into groovy. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
nvme-cli is a set of command line tools for managing NVMe devices.
- No history of CVEs.
- No init scripts
- Four systemd units, that are used to trigg
That is correct (apparmor-notify package needs an added dependency on
python3-psutil). We have an upload in progress to address it.
Thanks!
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
--
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
https://bugs.launchpad.net/bugs/1898742
Title:
Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerabi
For the record, the Ubuntu Security team signs off on the plan to vendor
the golang dependencies for the google-guest-agent and
google-oslogin-agent packages as they go through the MIR process, for the
reasons given above.
Thanks!
--
The fix for this is included in the apparmor 3.0.0~beta1-0ubuntu5 upload
into groovy-proposed, which is waiting to migrate to groovy.
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
** Changed in: apparmor (Ubuntu)
Status: Fix Released => Confirmed
** Changed in: ecryptfs-utils (Ubuntu)
Status: Fix Released => Confirmed
--
https://bugs.launchpad.net/bugs/
Publication to focal-updates for nvidia-driver-440-server
440.95.01-0ubuntu0.20.04.1 and for groovy happened as well, closing
tasks.
** Changed in: nvidia-graphics-drivers-440-server (Ubuntu Focal)
Status: Fix Committed => Fix Released
** Changed in: nvidia-graphics-drivers-440-server (Ubu
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1883793
Title:
systemd-resolved leaks mDNS queries to DNS
Closing ntp task for groovy.
** Changed in: ntp (Ubuntu)
Status: New => Invalid
** Changed in: openssl (Ubuntu Bionic)
Status: In Progress => Invalid
--
https://bugs.launchpa
** Information type changed from Public Security to Public
--
https://bugs.launchpad.net/bugs/1891361
Title:
sshfs crashes entire Ubuntu 20.04.1 LTS system
This was addressed in bionic in
https://launchpad.net/ubuntu/+source/ark/4:17.12.3-0ubuntu1.1 and focal
in https://launchpad.net/ubuntu/+source/ark/4:19.12.3-0ubuntu1.1, and
covered in USN 4461-1.
Thanks for preparing the updates and helping to protect users,
vishnunaini!
** Changed in: ark (Ubun
** Also affects: ark (Ubuntu Bionic)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1889672
Title:
KDE Project Security Advisory: Ark: maliciously crafted
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
vishnunaini, thanks for testing and the pointer to the reproducer.
I also went ahead and carried back the patch to bionic's ark as well,
and have uploaded it to the same ppa.
For xenial, the patch fails to apply because the passed archive entry
type is different, and it was not clear to me whethe
Thanks for preparing the debdiff and adding the ubuntu-security-sponsors
account; I'll be taking a look at this.
I've pushed the focal version to the ubuntu security proposed ppa
(https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa)
after adjusting the version to match the versioni
** Changed in: ark (Ubuntu Focal)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ark in Ubuntu.
https://bugs.launchpad.net/bugs/1889672
Title:
KDE Project Security Advisory: