[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
Hi there. Since I had the same problem and didn't find a complete Solution on the Net. So, I wanted to share my solution with other people having this problem. The Problem is: I am running a dapper version of Ubuntu. Since some piece of software (e.g. Nagios2) requires a newer version, someone added this to the source.list (e.g. hardy). Within the Installation of the software, it seems that libssl also updated to a newer version. Since the modified entries from the sources.list were removed imidiatly or the updates-repository for this version weren't added, the update isn't executed for the newer Version of libssl. Solution is: Install newest openssh-server / openssh-client If the keygeneration does not work, see which libssl-version is installed (gutsy, feisty, hardy etc.) and add the corresponding update-repository to the source.list. Running apt-get update; apt-get install libssl0.9.8 should then update to the latest update-version. Now, keygeneration should be fine. I put exactly this way (except SSH Installation) into a bash script. Running it solved, the Problem on all of my machines. Please make sure - if running it - that all it only updates libssl0.9.8. If it tells you that it has to remove some stuff you should overthink it again. On all of my machines, it only updated libssl0.9.8 and worked fine. Have fun ** Attachment added: Script for updating libssl http://launchpadlibrarian.net/15194957/update_libssl_version.sh -- [Gutsy] ssh installation results in COMPROMISED keys https://bugs.launchpad.net/bugs/230174 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239144] [NEW] package mysql-server-5.0 5.0.51a-3ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1
Public bug reported: just install Mythtv again entered in the root password and got the message about the mythtv-network password and then ProblemType: Package Architecture: i386 Date: Wed Jun 11 23:19:21 2008 DistroRelease: Ubuntu 8.04.1 ErrorMessage: subprocess post-installation script returned error exit status 1 NonfreeKernelModules: nvidia Package: mysql-server-5.0 5.0.51a-3ubuntu5.1 PackageArchitecture: i386 SourcePackage: mysql-dfsg-5.0 Title: package mysql-server-5.0 5.0.51a-3ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 Uname: Linux 2.6.24-19-rt i686 ** Affects: mysql-dfsg-5.0 (Ubuntu) Importance: Undecided Status: New ** Tags: apport-package -- package mysql-server-5.0 5.0.51a-3ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/239144 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 238516] Re: XSS issues in Nagios CGI (CVE-2007-5803)
** Changed in: nagios3 (Debian) Status: Fix Committed = Fix Released -- XSS issues in Nagios CGI (CVE-2007-5803) https://bugs.launchpad.net/bugs/238516 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2
Do you think the backtrace in bug #239184 is related to this bug? -- [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239048] Re: apache2 conf.d and sites-enabled oops
Update: Checking my config history, this was not introduced when I thought it was. I merely hadn't restarted apache after putting everything in version control. The base principle still applies: one should not have the default configuration preclude revision control. Checking on things further, Subversion (svn) also puts a subdirectory in each managed directory. ** Description changed: Binary package hint: apache2.2-common In the latest apache2 default config files, the last lines are # Include generic snippets of statements Include /etc/apache2/conf.d/ # Include the virtual host configurations: Include /etc/apache2/sites-enabled/ Any serious web server has its files under version control. I believe many version control packages add additional files to the directory; at least CVS, RCS, and SCCS do - CVS adds a CVS directory, with a few special files to point back to the repository, and the other two actually store all of the repositories within a subdirectory. The two include lines above will attempt to load all of these revision-control related files as apache config files, which will not work. I've kludged this for my system with the following, which has me back up and running: # Include generic snippets of statements Include /etc/apache2/conf.d/[a-z]* # Include the virtual host configurations: Include /etc/apache2/sites-enabled/*-* - This problem is in apache2-common 2.2.8-1ubuntu0.2; it was not in apache2-common 2.2.8-1ubuntu0.1. + This problem is in apache2-common 2.2.8-1ubuntu0.2. + Edit: it was also in apache2-common 2.2.8-1ubuntu0.1. -- apache2 conf.d and sites-enabled oops https://bugs.launchpad.net/bugs/239048 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237894] Re: I cannot connect to any server. Conection hangs up at channel 0: open confirm rwindow 0 rmax 32768
My good luck went away after the next update, though it's not clear what the update had to do with it. Unfortunately, I don't have time to dig into it now. Hopefully, someone with more expertise in OpenSSH can help. -- I cannot connect to any server. Conection hangs up at channel 0: open confirm rwindow 0 rmax 32768 https://bugs.launchpad.net/bugs/237894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 176015] Re: BGP MD5 support regression
Thanks for testing! Copied to hardy-updates. ** Tags added: verification-done ** Tags removed: verification-needed ** Changed in: quagga (Ubuntu Hardy) Status: Fix Committed = Fix Released -- BGP MD5 support regression https://bugs.launchpad.net/bugs/176015 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to quagga in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 238516] Re: XSS issues in Nagios CGI (CVE-2007-5803)
nagios3 updated in Debian unstable to 3.0.2-1, waiting for autosync. -- XSS issues in Nagios CGI (CVE-2007-5803) https://bugs.launchpad.net/bugs/238516 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237688] Re: [SRU] openldap 2.4.9 from 8.04.1.
The recent upload just says Resynchronize dependencies with the hardy version., which is not acceptable as a changelog for an SRU. Also, the version number is 2.4.9-0ubuntu0.804.2, it only needs to be 2.4.9-0ubuntu0.804.1 or even 2.4.9-0ubuntu0.804 (also, 2.4.9-0ubuntu0.8.04 is common practice). You should just do the dependency change and reupload it as 2.4.9-0ubuntu0.8.04 with a complete SRU-conformant changelog (describe the changes in 2.4.9, reference the LP # bugs, etc.). I rejected 2.4.9-0ubuntu0.804.2 from the queue. -- [SRU] openldap 2.4.9 from 8.04.1. https://bugs.launchpad.net/bugs/237688 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239299] [NEW] nowait config option in inetd.conf is error with xinetd
Public bug reported: I updgraded to xinetd In the logs, I saw this: Jun 12 07:11:54 antec xinetd[9605]: inetd.conf - Bad value for wait: nowait.400 [file=/etc/inetd.conf] [line=39] line 39 is swatstream tcp nowait.400 root/usr/sbin/tcpd /usr/sbin/swat swat is 3.0.28a-1ubuntu4.1 ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- nowait config option in inetd.conf is error with xinetd https://bugs.launchpad.net/bugs/239299 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] Re: ssh-keygen should default to dsa not rsa
Note also that there is already some commentary on key sizes in the ssh- keygen manual page: For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 117182] Re: Something in amavisd-new chain converts iso-8859-1 message parts to UTF-8
It looks like we have the newer Perl module in Intrepid. ** Changed in: amavisd-new (Ubuntu) Status: New = Fix Released -- Something in amavisd-new chain converts iso-8859-1 message parts to UTF-8 https://bugs.launchpad.net/bugs/117182 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 49836] Re: Amavis sa-learn cron job goes to wrong home directory when NG was installed before new.
amavis-ng is long dead and upgrades from Feisty to Intrepid won't be supported, so marking won't fix. ** Changed in: amavisd-new (Ubuntu) Assignee: MOTU (motu) = (unassigned) Status: Confirmed = Won't Fix -- Amavis sa-learn cron job goes to wrong home directory when NG was installed before new. https://bugs.launchpad.net/bugs/49836 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 188754] Re: rules for amavisd-new are not catching all mails
I'll include this with the new amavisd-new 2.6 in Intrepid. ** Changed in: amavisd-new (Ubuntu) Assignee: (unassigned) = Scott Kitterman (kitterman) Status: Triaged = In Progress -- rules for amavisd-new are not catching all mails https://bugs.launchpad.net/bugs/188754 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 55723] Re: Missing X-Spam-* headers
Discussed on IRC with ScottK, and I'll add information concerning the @local_domains_* and $mydomain to the Server Guide for Intrepid. Thanks, Adam -- Missing X-Spam-* headers https://bugs.launchpad.net/bugs/55723 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119295] Re: OpenSSH should support VIA PadLock
** Description changed: VIA PadLock is a hardware cryptography engine for AES and SHA1/256. - OpenSSH should support PadLock. Initial work on PadLock support has already been done: + OpenSSH should support PadLock. Upstream OpenSSH versions do support + padlock, and a working patch exists in openssh-portable bug #1437 (see + remote bug watches) as of 4.9p1. The patch applies and works fine in + 4.7p1. + + A small bugfix patch to the version of OpenSSL in Ubuntu is also + required for this to work. The bugfix is included in OpenSSL upstream + 0.9.8h. It applies fine and works fine on 0.9.8g. + + Initial work on PadLock support was done some time ago: http://www.logix.cz/michal/devel/padlock/ -- OpenSSH should support VIA PadLock https://bugs.launchpad.net/bugs/119295 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119294] Re: OpenSSL should support VIA PadLock
Upstream bug: http://rt.openssl.org/Ticket/Display.html?id=1668user=guestpass=guest Though the bug hasn't been closed, the patch has been applied to 0.9.8h as is trivially verifiable by examination of the source. ** Also affects: openssh (Ubuntu) Importance: Undecided Status: New -- OpenSSL should support VIA PadLock https://bugs.launchpad.net/bugs/119294 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 188754] Re: rules for amavisd-new are not catching all mails
This bug was fixed in the package amavisd-new - 1:2.6.0-1ubuntu1 --- amavisd-new (1:2.6.0-1ubuntu1) intrepid; urgency=low * Merge from Debian unstable. Remaining Ubuntu changes: - Updated logcheck/ignore.d.server/amavisd-new (LP: #188754) - Add libmail-dkim-perl (= 0.31) to recommends for new DKIM based whitelisting - Added 81_fqdn-warning.dpatch so that correct config file path for Debian/Ubuntu is displayed if it needs to be set manually - Renumbered from 71 to put it after the new Debian patch - Added patch description - Add commented out $myhostname definition to debian/etc/conf.d05-node_id so that it will be easier for people who don't know Perl syntax to set - Updated debian/patches/40_fix_paths.dpatch to use the new path (/var/lib) for amavis-release - Remove amavisd-new-milter package for transition to Main - Remove libmilter-dev from build-dep - Comment out debian/rules related to amavisd-new-milter - Change maintainer to Ubuntu Core Developers amavisd-new (1:2.6.0-1) unstable; urgency=low * New upstream version * Updated debconf translations: - German. Closes: #448244 - Finnish. Closes: #480503 - Italian. Closes: #480508 - Russian. Closes: #480622 - Basque. Closes: #481550 Thanks to all translators and Christian Perrier for their work. -- Scott Kitterman [EMAIL PROTECTED] Wed, 11 Jun 2008 21:07:08 -0400 ** Changed in: amavisd-new (Ubuntu) Status: In Progress = Fix Released -- rules for amavisd-new are not catching all mails https://bugs.launchpad.net/bugs/188754 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs