** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1559600
Title:
crash in libcrypto.so.1.0.0
To manage notifications about
Closing based on comment #7.
** Changed in: isc-dhcp (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: bind9 (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
Thanks for the bug report, Craig. We are aware of the issues fixed in
8.38 but we've prioritized them as 'low' since the issues require
software that passes untrusted regexes to PCRE. We don't feel like this
is common usage of PCRE.
We track these issues in the Ubuntu CVE Tracker:
hanged in: apparmor
Assignee: (unassigned) => Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1546455
Title:
Many instances of 'apparmor="DENIED"
Passed QRT's test-apparmor.py in an Xenial amd64 VM.
** Patch added: "apparmor_2.10-3ubuntu2.debdiff"
https://bugs.launchpad.net/apparmor/+bug/1546455/+attachment/4574878/+files/apparmor_2.10-3ubuntu2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server
Patch sent to the list:
https://lists.ubuntu.com/archives/apparmor/2016-February/009328.html
** Changed in: apparmor (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
** Description changed:
+ [Impact]
+
+ * Users may encounter situations where they use applications, confined by
+AppArmor, that hit EACESS failures when attempting to operate on AF_UNIX
+stream sockets.
+
+ * These failures typically occur when the confined applications attempts to
+
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1513299
Title:
package nginx-full (not installed) failed to
The Ubuntu Security Team has produced some packages built with the
proposed fix from Serge (thanks again, Serge!). They have not been
tested by the Security Team yet but those affected by this bug may find
the packages useful. They can be found in:
https://launchpad.net/~ubuntu-security-
The regression should be fixed with lxc 1.0.7-0ubuntu0.6. See
http://www.ubuntu.com/usn/usn-2753-2/ for more details.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1476662
Title:
Hi Tobias - Can you share what Ubuntu release you're using?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1501310
Title:
Unable to start containers after upgrade to 1.0.7-0ubuntu0.5
Hello - Is anyone seeing this regression on a release other than 14.04
LTS (Trusty)?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1476662
Title:
lxc-start symlink vulnerabilities may
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1476662
Title:
lxc-start symlink vulnerabilities may allow guest to
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to beautifulsoup in Ubuntu.
https://bugs.launchpad.net/bugs/1498952
Title:
package python-beautifulsoup 3.2.1-1 failed to
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1498254
Title:
package postfix 2.11.0-1ubuntu1 failed to install/upgrade:
** Also affects: shadow (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: openssh (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: audit (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: lightdm (Ubuntu Trusty)
I've created an upstream lightdm merge request to add login and logout
auditing support:
https://code.launchpad.net/~tyhicks/lightdm/auditing/+merge/269828
I've also submitted the (simple) changes needed in the openssh package
to Debian since Colin keeps the Debian and Ubuntu openssh package
The bug is not in aureport or libaudit. aureport looks for
AUDIT_USER_LOGIN events in the audit log but we're not generating them
in login programs due to libaudit support not being enabled at build
time or, in the case of lightdm, missing libaudit support.
Note that we are generating an
Making this public since the Fedora bug is already public. It'll help to
get more developers access to the report.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
It is worth noting that I typoed the CVE ID in the changelog.
CVE-2015-1131 should have been CVE-2015-1331.
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1131
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1131
** CVE removed:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1470842
Title:
lxc tools lock handling vulnerable to symlink attack
Public bug reported:
Starting in Ubuntu 15.04, while using systemd as init, running
containers are being stopped when an lxc package upgrade occurs. In
older Ubuntu releases, running containers are still up after lxc package
upgrades.
Serge reports that a simple `apt-get install --reinstall lxc`
From IRC, Chuck thinks that python-oauthlib is sufficient:
14:52 tyhicks zul: so python-oauthlib is sufficient and we can mark the
python-oauth2 MIR as won't fix?
14:52 zul tyhicks: should be
Marking this MIR as Won't Fix since we no longer need python-oauth2 in
main.
** Changed in:
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1470888
Title:
package openvswitch-pki 2.0.2-0ubuntu0.14.04.2 failed
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1461004
Title:
package bind9 1:9.9.5.dfsg-3ubuntu0.2 failed to
As a result of the slave versus make-slave revelation, I've created
two upstream AppArmor bugs. The first is for the AppArmor documentation
being wrong about the acceptable mount option strings (bug #1401619).
The second is for the AppArmor parser accepting unknown mount option
strings (bug
Hi Serge - I'm still wanting a little more information. I tried to
reproduce the bug myself and can't hit the AppArmor denial. I assume
that it must be specific to Charles' local trusty/wordpress charm.
Charles and/or Curtis, can you explain what change occurred in juju-core
that has caused the
(Ubuntu)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1319525
Title:
juju-local LXC containers hang due to AppArmor denial of rpc_pipefs
Would it be possible to attach your local wordpress charm?
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
** Summary changed:
- juju-local LXC containers hang due to App Armor Denial of rpc_fsbind request
with local charms
+ juju-local LXC containers hang due to AppArmor denial of rpc_pipefs mount
with local charms
--
You received this bug notification because you are a member of Ubuntu
Server
Here's a debdiff that updates the freshclam AppArmor profile to grant
both read and write permissions for the clamd socket file. Both
permissions are now required by AppArmor when applications connect() to
UNIX domain sockets.
** Patch added: clamav_0.98.1+dfsg-5ubuntu2.debdiff
** Description changed:
- Not sure if this is a bug, or by design (but I would like some
- clarification)
+ [Description]
- I recently upgraded my Ubuntu server to 14.04 LTS and notice some error
messages regarding Apparmor and Freshclam.
- So far I know I didn't had these error message with
** Description changed:
- [Description]
+ [Impact]
Freshclam is not able to notify clamd about new databases because AppArmor
prevents it from connecting to the clamd socket. Clamd will still detect the
database update and force reload, but freshclam should be able to notify
clamd.
)
Status: New = Fix Released
** Changed in: ntp (Ubuntu)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1135780
Title:
ntp apparmor denied
FWIW, the upstream apparmor commit that fixed this is r2382
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1135780
Title:
ntp apparmor denied read of /usr/share/samba/upcase.dat
To
Here's the lightdm debdiff to allow the guest session to start with
AppArmor signal and ptrace mediation. It is tested on Trusty amd64.
** Patch added: lightdm_1.9.14-0ubuntu2.debdiff
Here's an updated libvirt debdiff. I rebase Jamie's debdiff on top of
the libvirt that was uploaded to the archive yesterday.
** Patch added: libvirt_1.2.2-0ubuntu9.debdiff
Here's the apparmor debdiff. The testing performed in described in the
bug description. Let me know if there are any questions.
** Patch added: apparmor_2.8.95~2430-0ubuntu4.debdiff
*** This bug is a duplicate of bug 1296459 ***
https://bugs.launchpad.net/bugs/1296459
** This bug is no longer a duplicate of bug 1295774
ERROR processing policydb rules for profile lxc-container-default, failed to
load
** This bug has been marked a duplicate of bug 1296459
Upgrade
*** This bug is a duplicate of bug 1296459 ***
https://bugs.launchpad.net/bugs/1296459
I believe this issue was solved with apparmor 2.8.95~2430-0ubuntu3. It
contains a fix for a regression in how apparmor_parser generates
AppArmor policy containing mount rules.
I'm going to mark this bug as
can obviously help out as needed.
** Also affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lightdm (Ubuntu)
Status: New = In Progress
** Changed in: lightdm (Ubuntu)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
** Changed in: lightdm (Ubuntu
: In Progress = Confirmed
** Changed in: ntp (Ubuntu)
Assignee: Tyler Hicks (tyhicks) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1236065
Title:
Crypto support missing
#696390 has the needed fix.
** Affects: ntp (Ubuntu)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: In Progress
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs
Here's the debdiff between what's currently in Saucy and the update I'm
proposing with the debdiff above. The merge from Debian testing only
pulls in the fix for this bug.
** Patch added: old-saucy-to-new.debdiff
Merge ntp 1:4.2.6.p5+dfsg-3 from Debian testing.
I've verified that QRT's test-ntp.py now passes. Here's the relevant
snippet from the build log:
checking for openssl library directory... /usr/lib/x86_64-linux-gnu
checking for openssl include directory... /usr/include
checking if we will
*** This bug is a duplicate of bug 941968 ***
https://bugs.launchpad.net/bugs/941968
** This bug has been marked a duplicate of bug 941968
lockfile-create hangs inside lxc containers (potential buffer overflow?)
--
You received this bug notification because you are a member of Ubuntu
The problem is with string handling in liblockfile's
lockfile_create_save_tmplock(). I'll start work on getting a debdiff
prepared.
** Also affects: liblockfile (Ubuntu)
Importance: Undecided
Status: New
** Changed in: liblockfile (Ubuntu)
Assignee: (unassigned) = Tyler Hicks
After reading the thread on ubuntu-hardened and doing some research of
my own, a lack of instructions does not seem to be the primary problem
here. It sounds like an external infrastructure problem since the public
NTP pool does not guarantee that their servers support NTP
authentication.
I'm
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
This CVE is being tracked in the Ubuntu CVE tracker:
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-0216
** Changed in: apache2 (Ubuntu)
Importance: Undecided = Low
** Changed in: apache2 (Ubuntu)
Status: New = Triaged
** Visibility changed to: Public
--
You received this
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in Ubuntu.
https://bugs.launchpad.net/bugs/1027061
Title:
Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files
To manage
Thanks for having a look, Scott. I'm unsubscribing ubuntu-security and
marking this as a regular, non-security bug.
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Here is my proposed debdiff for Precise. I'll need a sponsor for this to
make it into the release.
I've built a package locally with this debdiff. I sanity checked it
using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I
tested it with the reproducers from ZDI, as well as
Thanks Jelmer! You've probably already noticed, but jdstrand has
sponsored it.
I was wondering if we could generate the PIDL generated code at build
time, but I decided against it for sake of making cherry-picking from
upstream stable branches easy in the future. Upstream has reran the PIDL
Ok, now I see that the 3.6 upstream branch places the samba3-idl target
underneath 'make all', so I assume that they are now relying on the code
generation to happen at build time. Can you confirm this, Jelmer?
If that's the case, then we probably do want to follow that convention
in our 3.6.x
The diff between the output of 'cd /usr/share/puppet-testsuite rake
spec unit' ran under puppet-2.7.11-1ubuntu1 and puppet-2.7.11-1ubuntu2
(which is simply the debdiff attached above applied).
Note that there are many false positives from failed Windows tests. I'm
not sure why these tests are
Thanks, Ryan! We are aware of the issue and we are currently working on
an update.
** Changed in: samba (Ubuntu)
Status: New = Confirmed
** Changed in: samba (Ubuntu)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
** Changed in: samba (Ubuntu)
Importance: Undecided = High
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Debdif against 2012.1~rc1-0ubuntu2. Tested using the in-tree test suite.
The new tests, added by the patch in the debdiff, successfully pass.
** Patch added: nova_2012.1~rc1-0ubuntu3.debdiff
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Thanks again for the tomcat5.5 Hardy branch, James! As you probably
noticed, I touched up the changelog a little bit to add in the upstream
author and a link to the upstream patch. Everything else looked great
and the updated package should now be available.
--
You received this bug notification
** Changed in: tomcat5.5 (Ubuntu Hardy)
Status: Confirmed = In Progress
** Changed in: tomcat5.5 (Ubuntu Hardy)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6
** Changed in: tomcat6 (Ubuntu Hardy)
Status: In Progress = Invalid
** Changed in: tomcat6 (Ubuntu Lucid)
Status: In Progress = Fix Committed
** Changed in: tomcat6 (Ubuntu Maverick)
Status: In Progress = Fix Committed
** Changed in: tomcat6 (Ubuntu Natty)
Status: In
66 matches
Mail list logo
