Public bug reported:
When sshd_config contains a comment of more than 1023 chars, it treats
char 1024+ as valid configuration. That usually breaks the config, or
(in case there accidentally is valid sshd_config syntax) is unwanted.
To verify the bug, apply appended patch to sshd_config (that
** Patch added: Prepends a comment longer than 1024 chars to sshd_config
https://bugs.launchpad.net/bugs/1023360/+attachment/3219642/+files/sshd_config-longcomment.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in
(Removed patch tag. It actually is a patch file, but only to
illustrate the bug, not to be applied to the source, it doesn't need
review)
** Tags removed: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
The bug is present upstream as well, i filed it there too:
https://bugzilla.mindrot.org/show_bug.cgi?id=2025
** Bug watch added: OpenSSH Portable Bugzilla #2025
https://bugzilla.mindrot.org/show_bug.cgi?id=2025
--
You received this bug notification because you are a member of Ubuntu
Server
Upstream provided a patch (
https://bugzilla.mindrot.org/attachment.cgi?id=2174 ). It will go into
OpenSSH 6.1.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1023360
Title:
I ran into the same issue and only was lucky because i disable password
based ssh login on my machines.
This is a security issue, not wishlist, please change importance.
Insecure defaults must be changed or at least very prominently warned
about. Mentioning this behavior in the help page is not
Public bug reported:
Binary package hint: clamav
Tonight, two independent clamav-daemon installation died after clamav-
freshclam updated daily.cvd from 12660 to 12662. This currently stops
two MTAs from working.
* Ubuntu 8.04.4 LTS 32bit, fully updated
* clamav,
http://lurker.clamav.net/thread/20110210.220142.cd1f5f0d.en.html
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed
I bet many MTAs die tonight. E.g. that one http://hup.hu/node/99147
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed
OK, they published daily.cvd 12664 which works now, clamav-daemon starts
again.
Seems to have been an upstream problem at ClamAV which they fixed.
I assume you can close this ticket. Sorry for the noise.
--
You received this bug notification because you are a member of Ubuntu
Server Team,
Public bug reported:
This is for the Lucid wishlist, i hope it's correct to do it here:
Please upgrade Lucid's OpenSSH package to upstream's 5.4p1. It has some
very useful new features, e.g. a minimal certificate format, a netcat
mode and setting the umask for sftp-server (am waiting for a long
Colin: understood. But that means that LTS will lack those features for
another 2 years :( Particularly the certificate and the umask feature
are interesting for server installations.
--
Update to OpenSSH 5.4p1
https://bugs.launchpad.net/bugs/535029
You received this bug notification because you
Me too: Lucid 10.04 x32 on a MacBook 1.1.
The problem is heavy on the MacBook's touchpad (05ac:0218 Apple,
Inc.), but is not present with a (very old) USB IBM mouse (04b3:3107
IBM Corp. ThinkPad 800dpi Optical Travel Mouse)
I find the hypothesis quite convincing that it is common for mice to
+1
I am tired of pidgin and very interested in Empathy. But i depend on
OTR, so i cannot switch.
I know 5 others in my local geekosphere who have the same.
OTR is unaware of the layer below. That makes it clumsy or unelegant to
implement for an individual protocol like XMPP. But at the same
Public bug reported:
Binary package hint: trac-accountmanager
When trac-accountmanager is installed and enabled, login and password-
reset fail with
AttributeError: 'NoneType' object has no attribute 'encode'
This is a know bug which is fixed upstream, see http://trac-
hacks.org/ticket/6453.
The issue solved in Debian stable http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=572167 and therefore probably also in Maverick and
Natty which have already synced Debian's trac-
accountmanager-0.2.1+r7731-1.
Would be great if you could sync that down to lucid/universe or lucid-
I ran into the same issue and only was lucky because i disable password
based ssh login on my machines.
This is a security issue, not wishlist, please change importance.
Insecure defaults must be changed or at least very prominently warned
about. Mentioning this behavior in the help page is not
Public bug reported:
Binary package hint: clamav
Tonight, two independent clamav-daemon installation died after clamav-
freshclam updated daily.cvd from 12660 to 12662. This currently stops
two MTAs from working.
* Ubuntu 8.04.4 LTS 32bit, fully updated
* clamav,
I bet many MTAs die tonight. E.g. that one http://hup.hu/node/99147
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed database daily.cvd
http://lurker.clamav.net/thread/20110210.220142.cd1f5f0d.en.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed database daily.cvd
--
OK, they published daily.cvd 12664 which works now, clamav-daemon starts
again.
Seems to have been an upstream problem at ClamAV which they fixed.
I assume you can close this ticket. Sorry for the noise.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Public bug reported:
Binary package hint: cyrus-imapd-2.2
When imapd -s or pop3d -s hit maxchild, weird things happen:
* No warning about maxchild shows up in syslog's mail.debug;
* Clients do neither get a TCP reset nor a TLS error nor a IMAP error;
* After ages, the client gives up and
I filed it upstream too:
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3207 Hope that is the
right thing to do ...?
** Bug watch added: bugzilla.andrew.cmu.edu/ #3207
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3207
--
No/misleading log messages when maxchild is hit
Public bug reported:
This is for the Lucid wishlist, i hope it's correct to do it here:
Please upgrade Lucid's OpenSSH package to upstream's 5.4p1. It has some
very useful new features, e.g. a minimal certificate format, a netcat
mode and setting the umask for sftp-server (am waiting for a long
Colin: understood. But that means that LTS will lack those features for
another 2 years :( Particularly the certificate and the umask feature
are interesting for server installations.
--
Update to OpenSSH 5.4p1
https://bugs.launchpad.net/bugs/535029
You received this bug notification because you
James Holland wrote on 2010-06-23:
IMO tooltips here should be disabled completely as they give no useful
information.
+1
--
Tooltips stick when switching desktops (Compiz)
https://bugs.launchpad.net/bugs/356702
You received this bug notification because you are a member of Ubuntu
Bugs,
I have a similar issue on Raring: i cannot print on my HP OfficeJet 4500
after the machine was suspended at least once. Cups would say Unable to
find printer. After restarting avahi i can print again:
sudo restart avahi-daemon
I am happy to assist debugging this, e.g. providing logs or network
I have to correct my above last comment: there is only a very short
duration after reboot that i can print. Effectively i have to restart
avahi before each print (or to un-stuck a queued job).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
It's not fixed for me either. Fully patched 13.04 with Gnome 3.8 from
PPA. Seems to only happen when starting gnome shell, not in Unity.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1132555
Title:
Public bug reported:
When sshd_config contains a comment of more than 1023 chars, it treats
char 1024+ as valid configuration. That usually breaks the config, or
(in case there accidentally is valid sshd_config syntax) is unwanted.
To verify the bug, apply appended patch to sshd_config (that
** Patch added: Prepends a comment longer than 1024 chars to sshd_config
https://bugs.launchpad.net/bugs/1023360/+attachment/3219642/+files/sshd_config-longcomment.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
(Removed patch tag. It actually is a patch file, but only to
illustrate the bug, not to be applied to the source, it doesn't need
review)
** Tags removed: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The bug is present upstream as well, i filed it there too:
https://bugzilla.mindrot.org/show_bug.cgi?id=2025
** Bug watch added: OpenSSH Portable Bugzilla #2025
https://bugzilla.mindrot.org/show_bug.cgi?id=2025
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Upstream provided a patch (
https://bugzilla.mindrot.org/attachment.cgi?id=2174 ). It will go into
OpenSSH 6.1.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1023360
Title:
Comments longer than
Public bug reported:
I have a system that runs unattended-upgrades just fine. Now i want to
automate removal of old kernels and kernel header packages that are
accumulating otherwise. So i set 'Unattended-Upgrade::Remove-Unused-
Dependencies true;'. But it doesn't work.
Details: Lots of
I had a quick glance at /usr/bin/unattended-upgrade, and it looks like
that Unattended-Upgrade::Remove-Unused-Dependencies only autoremoves
dependancies that have become auto-removeable during *this* very run of
unattended-upgrade! Anything that had already been auto-removeable
before invokation
Note that situation #1089195 is another possible outcome of this bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1267059
Title:
Unattended-Upgrade::Remove-Unused-Dependencies does not work
To
This issue made an upgrade fail in the middle which left my system
(12.04.5 LTS) with broken dependancies that are not trivial to solve:
apt-get -f install fails due to lack of inodes. apt-get autoremove
refuses to run due to broken deps, and so does apt-get remove -f
$SOME_OLD_KERNEL_PACKGES.
In
Note that automatic updates (e.g. unattended-upgrades) will even more
likely bring you into this situation. And because of bug #1267059, even
then you set 'Unattended-Upgrade::Remove-Unused-Dependencies true'. Not
good for a LTS.
--
You received this bug notification because you are a member of
Each day this bug breaks more Ubuntu servers that do unattended-
upgrades, in particular cloud servers with 100GB rootfs. I alone have
a few dozens affected machines.
And it's not totally trivial for Admin Average to diagnose the inode
shortage, realize it's flooded with linux-headers packages,
Public bug reported:
New AWS regions like eu-central-1 (Frankfurt) only support the most
recent version of their authentication scheme AWS Signature V4 [1].
s3cmd supports V4 from 1.5.2 onwards [2].
Please provide s3cmd = 1.5.2 as backport, at least for Trusty, such
that it can use the new S3
Public bug reported:
We use lrzip to compress large logs with an hourly cronjob. The server
is sometimes short of memory. Occasionally lrzip freezes. Usually it
just hangs doing nothing, "strace -p $PID" just showing "WAIT(...".
Every now and then it's consuming 100% CPU doing this ad infinitum:
Nice to see that a LTS-killing bug is taken seriously (after 2 years).
What about Precise? It is affected and has still 1.5y to live.
(Though one might argue that any affected Precise machine must be either
dead or manually patched by now)
--
You received this bug notification because you are
Thanks for fixing so quickly once this ticket was raised!
I have questions though about the time before.
rabbitmq-server is in the Canonical-supported 'main' repo of two active
Ubuntu LTS releases. In Dec 2016, a security issue and a patch are
published upstream, rated 'critical'. Debian rates
** Bug watch added: github.com/rabbitmq/rabbitmq-mqtt/issues #96
https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
** Also affects: rabbitmq via
https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
Importance: Unknown
Status: Unknown
--
You received this bug notification
*** This bug is a security vulnerability ***
Public security bug reported:
https://pivotal.io/security/cve-2016-9877
"MQTT (MQ Telemetry Transport) connection authentication with a
username/password pair succeeds if an existing username is provided but
the password is omitted from the
Please bump the importance to "High". This is a trivially and remotely
exploitable authentication bypass, and it's classified "Critical"
upstream, and "High" over at Debian.
This bug was raised and fixed upstream last year. Debian backported the
fix in January. Since when are you aware of it?
--
Lenovo Thinkpad T430 affected
$ lsb_release -r
Release:16.04
$ uname -r
4.4.0-93-generic
$ lspci -nn | grep VGA
00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen Core
processor Graphics Controller [8086:0166] (rev 09)
--
You received this bug notification because
Requesting to revert and leaving this to procps:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/189565
Title:
ufw enables syncookies by
Public bug reported:
2008 ufw decided to *disable* TCP SYN cookies by default in
/etc/ufw/sysctl.conf, see
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565
After a more detailed discussion that had started in 2006, procps
*enabled* TCP SYN cookies by default in
I filed a request for ufw not to override
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/57091
Title:
proc/sys/net/ipv4/tcp_syncookies=1
Sorry for only checking the latest LTS, didn't realize it had been fixed
in >= 17.04. Thx.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1737585
Title:
ufw should not override procps' default of
Same here on Ubuntu 16.04:
$ sudo apt-get install rtl8812au-dkms
#...
Building for 4.10.0-40-generic and 4.10.0-42-generic
Building initial module for 4.10.0-40-generic
Error! Bad return status for module build on kernel: 4.10.0-40-generic (x86_64)
Consult
Observe #1267059 about 'Unattended-Upgrade::Remove-Unused-Dependencies'
not working as expected for old versions of unattended-upgrades, also
resulting e.g. in obsolete kernel packages not getting removed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This report was marked being a duplicate of
https://bugs.launchpad.net/ubuntu/+source/unattended-
upgrades/+bug/1624644. But it is not specifically about unattended-
upgrades; various upgrade mechanisms run into this same issue. Hence
this bug report not a duplicate.
** This bug is no longer a
Public bug reported:
Last night, unattended-upgrades upgraded the erlang packages on our
RabbitMQ server from 1:18.3-dfsg-1ubuntu3 to 1:18.3-dfsg-1ubuntu3.1.
erlang-base's prerm script successfully found and stopped rabbitmq-
server, and the postinst script tried to start it again:
# From
Public bug reported:
We run unattended-upgrades happily with 'Unattended-Upgrade::Mail'
active and 'Unattended-Upgrade::Remove-Unused-Dependencies'
Sometimes a UU run would not install nor hold anything, but only
autoremove packages that have become obsolete, typically old kernels. In
such
FYI this is unattended-upgrades 0.90ubuntu0.10 on Ubuntu 16.04.4 LTS
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820614
Title:
Mail notification's headlines do not mention autoremovals
To
Public bug reported:
Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
patched yet against the Racoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
- https://raccoon-attack.com/
** Description changed:
Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
- patched yet against the Racoon Attack (CVE-2020-1968):
+ patched yet against the Raccoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
-
> "Please upgrade to bionic or focal?"
Is this an official recommendation from Ubuntu, that users shall migrate
off Xenial now, because of a security issue in a core library?
And there I was, thinking we have until April 2021 ...
--
You received this bug notification because you are a member
Oh, indeed!
> 1.0.2w moves the affected ciphersuites into the "weak-ssl-ciphers" list. [...]
> This is unlikely to cause interoperability problems in most cases since use
> of these ciphersuites is rare.
Fair enough. Thank you for clarifying.
(And apologies for this noise)
--
You received
Thank you very much for fixing swiftly!
Please forgive me for pointing this out though:
I note that rather than stopping the affected cipher suites from re-
using secrets across connections, you chose to declare the suites as
weak and disabled them altogether.
I appreciate that this is an
Same here, flood of kernel/audit messages as below.
Chromium 84.0.4147.105, snap rev 1244, Ubuntu 20.04.1
Aug 04 17:27:59 ole kernel: audit: type=1326 audit(1596558479.339:301):
auid=1001 uid=1001 gid=1001 ses=3 subj==snap.chromium.chromium (enforce)
pid=25861 comm="chrome"
Is there a timeline for releasing the upstream fix, at least for 18.04
LTS?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815407
Title:
nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot
We have this issue too. Ubuntu 20.04 x86_64, collectd 5.9.2.g-1ubuntu5
The LD_PRELOAD workaround @Mike Battersby (mib-8) suggested works for
us.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872281
Public bug reported:
See upstream bug reports:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968942
- https://community.openvpn.net/openvpn/ticket/1208
Openvpn < 2.4.8 opens the TCP port with a too small backlog, and on kernels >
4.3 that leads to incoming connections being dropped. This
Public bug reported:
The post install routing of clamav-freshclam generates
/etc/clamav/freshclam.conf that contains the option "SafeBrowsing"
(either using the default "false", or "true", depending on user input)
But that option is deprecated, and since 0.103.2+dfsg-0ubuntu0.18.04.1
"freshclam
** Description changed:
- The post install routing of clamav-freshclam generates
+ The post install routine of clamav-freshclam generates
/etc/clamav/freshclam.conf that contains the option "SafeBrowsing"
(either using the default "false", or "true", depending on user input)
But that
This also affects Bionic's nsca-ng-client=1.5-2build2. Oddly, the
server-side seems to work fine with older clients:
This works: nsca-ng-client=1.4-2 -> nsca-ng-server=1.5-2build2
This fails: nsca-ng-client=1.5-2build2 -> nsca-ng-server=1.5-2build2
... with error message "Cannot retrieve
This seems to affect any machine that has tun interfaces, which don't
have MAC addresses. E.g. anyone who runs OpenVPN. Please fix.
[SNIP]
$ sudo netplan apply
Traceback (most recent call last):
File "/usr/sbin/netplan", line 23, in
netplan.main()
File
Same here:
Many machines with unattended-upgrade (UU). Some Focals upgraded both
netplan.io & libnetplan0 in tandem to 0.102, others left both packages at
0.101, probably depending on when they ran UU and what state the APT mirrors
where at at that time. All those machines were fine.
One
Public bug reported:
clamscan throws "LibClamAV Warning: Unsupported message format `global-
headers'" when scanning e.g. the exim4 binary from recent releases.
When running clamscan as cronjob, such STDERR warnings produce
disruptive rootmail noise.
For example on my current Ubuntu Focal:
$
Apologies for the mismatch between this report's title and description
("Unsupported message format `global-headers'" vs "...`global'").
clamscan throws the warning I mentioned in the title when scanning an
exim4 binary from Debian 11:
$ wget -q
Public bug reported:
rkhunter incorrectly reports libkeyutils.so.1.9 as "Sniffer component"
or (running_procs) as "Spam tool component".
Unfortunately, the libkeyutils1 package that recent releases of Debian
(>=11) and Ubuntu (>=20.10) ship contains /lib/x86_64-linux-
gnu/libkeyutils.so.1.9, see
Fixed in Debian, see https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=951366
** Bug watch added: Debian Bug tracker #951366
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951366
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
According to some reports, this ought to help:
RTKT_FILE_WHITELIST=/usr/lib/x86_64-linux-gnu/libkeyutils.so.1.9
However, in our use case the file in question does not exist on the host
system, only inside the containers, so this yields me "Invalid
RTKT_FILE_WHITELIST configuration option:
77 matches
Mail list logo
