I do not have any running Ubuntu machines any more, but on Debian
Bullseye with
ii xserver-xorg-core2:1.20.10-3
amd64Xorg X server - core server
the crash does not happen any more, neither running just X or Xorg
-configure.
So unless this was a bug specific to
Public bug reported:
Following minimal test case crashes qemu-system-i386 on amd64 host:
qemu-system-i386 -name test -nodefconfig -no-user-config -nodefaults
-sandbox off -machine none -m 256 -balloon none -no-acpi -parallel none
-vga virtio -display "vnc=unix:vnc.socket" -boot menu=on
and open
Public bug reported:
Trying to get "Xorg -configure" working again to create a monolithic
configuration file for automated distribution (the "Xorg: No devices to
configure. Configuration failed." problem with -configure mentioned in
forums), I moved away /usr/share/X11/xorg.conf.d to get rid of
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2854
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2853
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2856
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1529486
Title:
pt_chown arbitrary pts access via user namespace
To manage
Done: Is is public via http://www.openwall.com/lists/oss-
security/2016/01/21/7 anyway.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
Done: Is is public via http://www.openwall.com/lists/oss-
security/2016/01/21/7 anyway.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Public bug reported:
With -runas [user] and -sandbox on, qemu process will fail in the
process of dropping privileges. While setgid() is done (see below),
setuid() is not attempted. Instead process blocks waiting for a futex
never to come.
[pid 21769] +++ killed by SIGSYS +++
[pid 21767] <...
Public bug reported:
With -runas [user] and -sandbox on, qemu process will fail in the
process of dropping privileges. While setgid() is done (see below),
setuid() is not attempted. Instead process blocks waiting for a futex
never to come.
[pid 21769] +++ killed by SIGSYS +++
[pid 21767] <...
Public bug reported:
rsyslog won't start on fresh install of Ubuntu Wily
Starting program: /usr/sbin/rsyslogd -n
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1509589 might be
duplicate
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1509415
Title:
package rsyslog 8.12.0-1ubuntu2 failed to
A smaller solution without installing anything is to
export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libXpm.so.4
before starting bochs. Not clear, if this bug/solution only affects 32
or 64 bit systems.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I guess, I have an explanation for the bug and why it is emerging again
now and then.
...
The memory location 0x80(%rdi) is written only once, that revealed that the
libpoppler GlobalParams class constructor did not write it. In fact, the
constructor is never called. Instead of that, the xpdf
CVE-2011-3607 is fixed upstream in trunk, but not yet released:
http://svn.apache.org/viewvc?view=revisionrevision=1198940
Another CVE-2011-4415 was assigned by mitre to the resource consumption,
NULL-dereference issue
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4415
CVE-2011-3607 is fixed upstream in trunk, but not yet released:
http://svn.apache.org/viewvc?view=revisionrevision=1198940
Another CVE-2011-4415 was assigned by mitre to the resource consumption,
NULL-dereference issue
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4415
Information Joe Orton:
We'd prefer to discuss the appropriate fix for this on the public
mailing list, so could you publish your advisory as soon as is
convenient. We'll follow up with public discussion and patches as
appropriate.
Please use the CVE name CVE-2011-3607 for this issue.
Very
Information Joe Orton:
We'd prefer to discuss the appropriate fix for this on the public
mailing list, so could you publish your advisory as soon as is
convenient. We'll follow up with public discussion and patches as
appropriate.
Please use the CVE name CVE-2011-3607 for this issue.
Very
This discussion has some similarities to problems with fusermount
binary, see https://bugzilla.redhat.com/show_bug.cgi?id=651183 for good
arguments while fixing races there. Perhaps something could be reused,
or create a libsecuremount with workaround while linux (u)mount-syscalls
are problematic,
Public bug reported:
Apache 2.2.19 worker contains a TOCTOU problem when -FollowSymlinks is
configured, causing it to follow the link to any location. This does
only occur when a user other than www-data is allowed to modify parts of
the filesystem data currently served by apache, e.g. the user's
Public bug reported:
Apache 2.2.19 worker contains a TOCTOU problem when -FollowSymlinks is
configured, causing it to follow the link to any location. This does
only occur when a user other than www-data is allowed to modify parts of
the filesystem data currently served by apache, e.g. the user's
Public bug reported:
Binary package hint: vde2
The vde_plug (at least on ubuntu hardy) contains a bug, that is
triggered when a certain amount of encapsulated ether frame data
is sent to the plug in a specially timed manner. When the input
buffer is filled just with a single byte, vde_plug uses
** Description changed:
Binary package hint: vde2
The vde_plug (at least on ubuntu hardy) contains a bug, that is
triggered when a certain amount of encapsulated ether frame data
is sent to the plug in a specially timed manner. When the input
buffer is filled just with a single byte,
I tested again, it seems to be fixed (dependency added to xdm)
xdm package:
Depends: libc6 (= 2.11), libpam0g (= 0.99.7.1), libselinux1 (= 1.32),
libx11-6 (= 0), libxau6, libxaw7, libxdmcp6, libxext6 (= 0), libxft2 (
2.1.1), libxinerama1, libxmu6, libxpm4, libxrender1, libxt6, debconf (= 1.2.9)
This issue might have been fixed now. Although I still use the software
in the same way, I have not observed any problems since 2010-04-24.
Before that, problems occurred all 1-3h when using X+fvwm2.
From my logs:
pb201004241418 System upgrade:/b
# apt-get dist-upgrade
Reading package lists...
Public bug reported:
Binary package hint: fvwm
fvwm -r does not complain, that it cannot replace the running window
manager (fvwm started from by xdm via /usr/bin/ck-launch-session x
-window-manager), but attempt to replace running window manager causes
current window manager to terminate
Attached debugger to both old fvwm and new one.
Old one terminates normally (exit code 0)
New one (started with fvwm2 --debug --debug-stack-ring) does not write
any message to stderr/stdout, just terminates with exit status 1.
--
fvwm -r just terminates the current window manager, replace
Public bug reported:
Binary package hint: fvwm
Not clear if problem lies within fvwm, xserver or libraries, so
I report it here first, perhaps someone can give hints where to
look or what to try next time.
Symptoms:
* 100% CPU-load, 70% in xserver, 30% in fvwm
* Mouse can move, but xterm stays
Public bug reported:
Binary package hint: netcat
Lucid lynx ended up with both netcat.traditional and netcat.openbsd
installed. It seems that this occured during today's update:
The following NEW packages will be installed:
iso-codes librasqal2 linux-image-2.6.32-12-generic netcat-openbsd
Also happens with sun java 6: gdb --args /usr/bin/java on hardy lts with
sun java6 SE
Could it be related to
if (stop_soon == STOP_QUIETLY || stop_soon == NO_STOP_QUIETLY)
{
resume (0, TARGET_SIGNAL_0);
which sounds like true || false, while further down the code the
Installation of x11-xserver-utils fixed following problems:
* Final login window was ugly black/white without logo or header, with
utils installed it looks ok
* Ctrl-R did not work, instead two chars (rectangle+r) were printed
in text field. Now Ctrl-R works, but there is still a strange
Public bug reported:
Binary package hint: xserver-xorg
Jaunty: Why dependency from xserver-xorg to hal?
I know, that most users will use both, but is there any technical
reason, why xserver should depend on hal? Mine is running with hal
daemon disabled, but packages not removed. Not tested if
Public bug reported:
With jaunty debootstrap install from 20090414, xdm+fvwm2 gives error
after login (plain black/white) X-Tookit popup:
xrdb command not found, X session not merged
The command isn't installed, because there is no dependency from
xdm/fvwm2 but it seems that the program is
Public bug reported:
Binary package hint: libc6
It seems that even very simple regular expressions can be used to
consume large amounts of memory and CPU resources in the
re_compile_pattern function of libc. I know that this might be the side-
effect of a feature needed for normal regex parsing
33 matches
Mail list logo