** Description changed: + [ Impact ] + + On noble/oracular, Xymon crashes almost immediately with detection of a + buffer overflow. On jammy, Xymon doesn't crash but is still subject to + the buffer overflow (it just doesn't notice because the FORTIFY_SOURCE + option is too low to enable that detection). + + [ Test Plan ] + + For the affected $series, first verify the issue manifests (n.b. this + does not apply to jammy which won't show the termination): + + * lxc launch ubuntu:$series xymontest + * lxc shell xymontest + * apt update + * apt install xymon w3m (accept defaults) + * tail -f /var/log/xymon/rrd-status.log + * Note buffer overflow causing termination within a short period of time + * w3m http://localhost/xymon + * Note no interface is running + * exit + * lxc stop xymontest + * lxc delete xymontest + + Verify proposed version fixes the issue: + + * lxc launch ubuntu:$series xymontest + * lxc shell xymontest + * apt update + * apt install -t $series-proposed xymon w3m (accept defaults) + * tail -f /var/log/xymon/rrd-status.log + * Wait several minutes + * Note no buffer overflow termination + * w3m http://localhost/xymon + * Note interface is active; try main view, event log, config report + * exit + * lxc stop xymontest + * lxc delete xymontest + + [ Regression Potential ] + + The patch is minimal, is present in Debian, and has been forwarded + upstream. Given that the symptom (at least in noble onwards) is almost + immediately failure of the service, it's hard for it to regress much + further there. However, the test plan does include a basic general + functionality test to guard against wider regression. + + This should also cover the jammy case which doesn't *appear* affected + but almost certainly is (it isn't noticing due to the lower + FORTIFY_SOURCE value, but we shouldn't leave buffer overflows lying + around if we don't have to!). + + [ Original Description ] + lsb_release -rd: No LSB modules are available. 
Description: Ubuntu 24.04.1 LTS Release: 24.04 apt-cache policy xymon: xymon: - Installed: 4.3.30-2build3 - Candidate: 4.3.30-2build3 - Version table: - *** 4.3.30-2build3 500 - 500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages - 100 /var/lib/dpkg/status + Installed: 4.3.30-2build3 + Candidate: 4.3.30-2build3 + Version table: + *** 4.3.30-2build3 500 + 500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages + 100 /var/lib/dpkg/status - - Noticed Xymon server was not reporting disk and memory utilization from clients however client data was showing that information was received. Found errors in some logfiles: + Noticed Xymon server was not reporting disk and memory utilization from + clients however client data was showing that information was received. + Found errors in some logfiles: ==> /var/log/xymon/rrd-status.log <== 2024-09-01 12:34:06.746771 Peer not up, flushing message queue 2024-09-01 12:34:06.863790 Peer not up, flushing message queue 2024-09-01 12:34:08.265509 Peer not up, flushing message queue 2024-09-01 12:34:17.025378 Peer not up, flushing message queue 2024-09-01 12:34:41.913539 Peer not up, flushing message queue 2024-09-01 12:34:42.106938 Peer not up, flushing message queue 2024-09-01 12:34:42.765675 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6 2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe ==> /var/log/xymon/alert.log <== 2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:33:49.327117 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6 2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe 2024-09-01 12:34:06.746753 Peer not up, flushing message queue 2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:34:41.913550 Peer not up, flushing 
message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6 ==> /var/log/xymon/clientdata.log <== 2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:33:54.362205 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6 2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe 2024-09-01 12:34:12.013168 Peer not up, flushing message queue 2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:34:47.190143 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6 I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4 (xymon 4.3.30-1build2). I tried a fresh Ubuntu 24.04 OS install and got the same response.
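Review bot: the verification steps in [ Test Plan ] watch only /var/log/xymon/rrd-status.log, while the original description shows the same "*** buffer overflow detected ***: terminated" line in alert.log and clientdata.log as well. A build that keeps the rrd-status worker alive but leaves the other two crashing would pass this plan as written. Suggest checking all three logs in both halves, for example with `grep -c "buffer overflow detected" /var/log/xymon/*.log` after the wait. "Wait several minutes" would also be better as a concrete duration, since the logs in the report show the child dying about once a minute.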
** Description changed: [ Impact ] On noble/oracular, Xymon crashes almost immediately with detection of a buffer overflow. On jammy, Xymon doesn't crash but is still subject to the buffer overflow (it just doesn't notice because the FORTIFY_SOURCE option is too low to enable that detection). [ Test Plan ] For the affected $series, first verify the issue manifests (n.b. this does not apply to jammy which won't show the termination): * lxc launch ubuntu:$series xymontest * lxc shell xymontest * apt update * apt install xymon w3m (accept defaults) * tail -f /var/log/xymon/rrd-status.log * Note buffer overflow causing termination within a short period of time * w3m http://localhost/xymon * Note no interface is running * exit * lxc stop xymontest * lxc delete xymontest - Verify proposed version fixes the issue: + Verify proposed version fixes the issue (n.b. this *does* apply to + jammy, which should show normal operation still works): * lxc launch ubuntu:$series xymontest * lxc shell xymontest * apt update * apt install -t $series-proposed xymon w3m (accept defaults) * tail -f /var/log/xymon/rrd-status.log * Wait several minutes * Note no buffer overflow termination * w3m http://localhost/xymon * Note interface is active; try main view, event log, config report * exit * lxc stop xymontest * lxc delete xymontest [ Regression Potential ] The patch is minimal, is present in Debian, and has been forwarded upstream. Given that the symptom (at least in noble onwards) is almost immediately failure of the service, it's hard for it to regress much further there. However, the test plan does include a basic general functionality test to guard against wider regression. This should also cover the jammy case which doesn't *appear* affected but almost certainly is (it isn't noticing due to the lower FORTIFY_SOURCE value, but we shouldn't leave buffer overflows lying around if we don't have to!). [ Original Description ] lsb_release -rd: No LSB modules are available. 
Description: Ubuntu 24.04.1 LTS Release: 24.04 apt-cache policy xymon: xymon: Installed: 4.3.30-2build3 Candidate: 4.3.30-2build3 Version table: *** 4.3.30-2build3 500 500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages 100 /var/lib/dpkg/status Noticed Xymon server was not reporting disk and memory utilization from clients however client data was showing that information was received. Found errors in some logfiles: ==> /var/log/xymon/rrd-status.log <== 2024-09-01 12:34:06.746771 Peer not up, flushing message queue 2024-09-01 12:34:06.863790 Peer not up, flushing message queue 2024-09-01 12:34:08.265509 Peer not up, flushing message queue 2024-09-01 12:34:17.025378 Peer not up, flushing message queue 2024-09-01 12:34:41.913539 Peer not up, flushing message queue 2024-09-01 12:34:42.106938 Peer not up, flushing message queue 2024-09-01 12:34:42.765675 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6 2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe ==> /var/log/xymon/alert.log <== 2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:33:49.327117 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6 2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe 2024-09-01 12:34:06.746753 Peer not up, flushing message queue 2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:34:41.913550 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6 ==> /var/log/xymon/clientdata.log <== 2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:33:54.362205 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6 
 2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe 2024-09-01 12:34:12.013168 Peer not up, flushing message queue 2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0 2024-09-01 12:34:47.190143 Peer not up, flushing message queue *** buffer overflow detected ***: terminated 2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6 I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4 (xymon 4.3.30-1build2). I tried a fresh Ubuntu 24.04 OS install and got the same response.
https://bugs.launchpad.net/bugs/2078638
Title: coredumps with Xymon on 24.04
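Review bot: the jammy note added to "Verify proposed version fixes the issue" leaves that half a regression check only on jammy. Per [ Impact ] the jammy build never reports the overflow, so "Note no buffer overflow termination" passes both before and after the patch, and nothing in the plan shows the overflow is actually gone there. Suggest stating that explicitly in the plan, or adding a jammy step that can tell the two builds apart. [ Regression Potential ] also describes the patch as present in Debian and forwarded upstream without a reference to either; linking them would let the verifier confirm the same change is being shipped.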
