[Bug 501956] Re: OpenSSH does not log failed attempts when key authentication is used
** Branch linked: lp:~kees/openssh/report-publickey -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/501956 Title: OpenSSH does not log failed attempts when key authentication is used To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/501956/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 177195] Re: php5-cgi crashed with SIGSEGV in realpath@@GLIBC_2.3()
** Description changed: Binary package hint: php5 Code that worked great on another server causes segfaults on a freshly installed Gutsy 64-bit server ProblemType: Crash Architecture: amd64 Date: Tue Dec 18 18:08:58 2007 DistroRelease: Ubuntu 7.10 ExecutablePath: /usr/bin/php5-cgi Package: php5-cgi 5.2.3-1ubuntu6.2 PackageArchitecture: amd64 ProcCmdline: /usr/bin/php5-cgi ProcCwd: /var/www/virtual/demomusic.nu/htdocs/ver4 ProcEnviron: PATH=/usr/local/bin:/usr/bin:/bin Signal: 11 SourcePackage: php5 StacktraceTop: realpath@@GLIBC_2.3 () from /lib/libc.so.6 virtual_file_ex () expand_filepath () php_check_specific_open_basedir () php_check_open_basedir_ex () Title: php5-cgi crashed with SIGSEGV in realpath@@GLIBC_2.3() Uname: Linux sumo.digitalsteam.net 2.6.22-14-server #1 SMP Sun Oct 14 22:09:15 GMT 2007 x86_64 GNU/Linux UserGroups: + SegvAnalysis: Segfault happened at: 0x2b7a8e4dfce4 :push %r15 PC (0x2b7a8e4dfce4) ok source "%r15" ok destination "(%rsp)" (0x7fff1e301000) ok + SP (0x7fff1e301000) ok Reason could not be automatically determined. SegvReason: Reason could not be automatically determined. -- php5-cgi crashed with SIGSEGV in realpath@@GLIBC_2.3() https://bugs.launchpad.net/bugs/177195 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 550343] Re: openvpn crashed with SIGSEGV
** Description changed: Binary package hint: openvpn I was booting up my ubuntu 10.04 system. ProblemType: Crash DistroRelease: Ubuntu 10.04 Package: openvpn 2.1.0-1ubuntu1 ProcVersionSignature: Ubuntu 2.6.32-17.26-generic 2.6.32.10+drm33.1 Uname: Linux 2.6.32-17-generic x86_64 NonfreeKernelModules: wl Architecture: amd64 CrashCounter: 1 Date: Sun Mar 28 18:20:41 2010 Disassembly: => 0x7f78b83fce94: Cannot access memory at address 0x7f78b83fce94 ExecutablePath: /usr/sbin/openvpn ProcCmdline: /usr/sbin/openvpn --writepid /var/run/openvpn.openvpn.pid --daemon ovpn-openvpn --status /var/run/openvpn.openvpn.status 10 --cd /etc/openvpn --config /etc/openvpn/openvpn.conf --script-security 2 ProcEnviron: PATH=(custom, no user) - SegvAnalysis: - Segfault happened at: 0x7f78b83fce94:Cannot access memory at address 0x7f78b83fce94 - PC (0x7f78b83fce94) ok - SP (0x7fffc5291cc0) ok - Reason could not be automatically determined. Signal: 11 SourcePackage: openvpn StacktraceTop: ?? () ?? () ?? () ?? () ?? () Title: openvpn crashed with SIGSEGV UserGroups: + SegvAnalysis: + Segfault happened at: 0x7f78b83fce94:Cannot access memory at address 0x7f78b83fce94 + PC (0x7f78b83fce94) ok + SP (0x7fffc5291cc0) ok + Reason could not be automatically determined. + SegvReason: Reason could not be automatically determined. -- openvpn crashed with SIGSEGV https://bugs.launchpad.net/bugs/550343 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 544545] Re: rngd doesn't start automatically
** Changed in: rng-tools (Ubuntu) Assignee: (unassigned) => Kees Cook (kees) -- rngd doesn't start automatically https://bugs.launchpad.net/bugs/544545 You received this bug notification because you are a member of Ubuntu Server Team, which is a direct subscriber. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 544545] Re: rngd doesn't start automatically
** Changed in: rng-tools (Ubuntu) Status: Confirmed => Triaged -- rngd doesn't start automatically https://bugs.launchpad.net/bugs/544545 You received this bug notification because you are a member of Ubuntu Server Team, which is a direct subscriber. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573206] [NEW] upstart script does not load AppArmor profile
Public bug reported: mysql is starting before apparmor, so it must load the apparmor profile on its own. On a fresh Lucid install with mysql, aa-status will report: 1 processes are unconfined but have a profile defined. /usr/sbin/mysqld (1346) ** Affects: mysql-dfsg-5.1 (Ubuntu) Importance: High Status: Confirmed ** Affects: mysql-dfsg-5.1 (Ubuntu Lucid) Importance: High Status: Confirmed ** Affects: mysql-dfsg-5.1 (Ubuntu Maverick) Importance: High Status: Confirmed ** Changed in: mysql-dfsg-5.1 (Ubuntu) Milestone: None => lucid-updates ** Also affects: mysql-dfsg-5.1 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: mysql-dfsg-5.1 (Ubuntu Maverick) Importance: Undecided Status: New ** Changed in: mysql-dfsg-5.1 (Ubuntu Maverick) Milestone: lucid-updates => None ** Changed in: mysql-dfsg-5.1 (Ubuntu Lucid) Milestone: None => lucid-updates ** Changed in: mysql-dfsg-5.1 (Ubuntu Lucid) Status: New => Confirmed ** Changed in: mysql-dfsg-5.1 (Ubuntu Maverick) Status: New => Confirmed ** Changed in: mysql-dfsg-5.1 (Ubuntu Maverick) Importance: Undecided => High ** Changed in: mysql-dfsg-5.1 (Ubuntu Lucid) Importance: Undecided => High -- upstart script does not load AppArmor profile https://bugs.launchpad.net/bugs/573206 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573206] Re: upstart script does not load AppArmor profile
The following should fix it... ** Patch added: "mysql-dfsg-5.1_5.1.41-3ubuntu12.1.debdiff" http://launchpadlibrarian.net/47035494/mysql-dfsg-5.1_5.1.41-3ubuntu12.1.debdiff -- upstart script does not load AppArmor profile https://bugs.launchpad.net/bugs/573206 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573222] Re: php5 session.save_path moved to /tmp
** Package changed: apparmor (Ubuntu Lucid) => php5 (Ubuntu Lucid) ** Changed in: php5 (Ubuntu Lucid) Status: New => Confirmed ** Changed in: php5 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: php5 (Ubuntu Maverick) Status: New => Confirmed ** Changed in: php5 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: php5 (Ubuntu Lucid) Milestone: None => lucid-updates -- php5 session.save_path moved to /tmp https://bugs.launchpad.net/bugs/573222 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573222] Re: [SRU] php5 session.save_path moved to /tmp
I can confirm that the sess_* files have moved back to /var/lib/php5. Thanks! -- [SRU] php5 session.save_path moved to /tmp https://bugs.launchpad.net/bugs/573222 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 331410] Re: CVE-2008-6123: not fixed in latest security releases
Hi! Thanks for the report. It looks like this wasn't triaged correctly when we first looked at it. We'll get this fixed and published. Thanks for the patches and for testing it. ** Also affects: net-snmp (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: net-snmp (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: net-snmp (Ubuntu Maverick) Importance: Undecided Assignee: Stephan Hermann (shermann) Status: Confirmed ** Changed in: net-snmp (Ubuntu Karmic) Status: New => Invalid ** Changed in: net-snmp (Ubuntu Lucid) Status: New => Triaged ** Changed in: net-snmp (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: net-snmp (Ubuntu Maverick) Status: Confirmed => Triaged ** Changed in: net-snmp (Ubuntu Maverick) Assignee: Stephan Hermann (shermann) => (unassigned) ** Changed in: net-snmp (Ubuntu Lucid) Importance: Undecided => Medium -- CVE-2008-6123: not fixed in latest security releases https://bugs.launchpad.net/bugs/331410 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-snmp in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 331410] Re: CVE-2008-6123: not fixed in latest security releases
Ah-ha, I see the problem now. This vulnerability was introduced after all the versions of net-snmp that were in the archive at the time the CVE was published. At some point Debian packaged the 5.4.x series from a point that did not include the fix, which is why only Lucid and later have the problem. ** Changed in: net-snmp (Ubuntu Maverick) Status: Triaged => Fix Released ** Changed in: net-snmp (Ubuntu Lucid) Status: Triaged => Fix Committed -- CVE-2008-6123: not fixed in latest security releases https://bugs.launchpad.net/bugs/331410 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-snmp in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 331410] Re: CVE-2008-6123: not fixed in latest security releases
** Changed in: net-snmp (Ubuntu Lucid) Status: Fix Committed => Fix Released -- CVE-2008-6123: not fixed in latest security releases https://bugs.launchpad.net/bugs/331410 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-snmp in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 331410] Re: CVE-2008-6123: not fixed in latest security releases
https://lists.ubuntu.com/archives/ubuntu-security- announce/2010-June/001098.html -- CVE-2008-6123: not fixed in latest security releases https://bugs.launchpad.net/bugs/331410 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-snmp in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 578922] Re: mysql configuration should be adjusted to help prevent against chained attacks against LAMP stack
** Changed in: apparmor (Ubuntu) Importance: Undecided => Medium ** Changed in: mysql-dfsg-5.1 (Ubuntu) Importance: Undecided => Medium ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- mysql configuration should be adjusted to help prevent against chained attacks against LAMP stack https://bugs.launchpad.net/bugs/578922 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 623144] Re: chkutmp assert failure: *** stack smashing detected ***: ./chkutmp terminated
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- chkutmp assert failure: *** stack smashing detected ***: ./chkutmp terminated https://bugs.launchpad.net/bugs/623144 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to chkrootkit in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 625214] Re: package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build https://bugs.launchpad.net/bugs/625214 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to drbd8 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 719833] [NEW] ssh upstart job fails to actually bring up ssh
Public bug reported: When I reboot my router, ssh does not start. Feb 15 22:51:32 router init: ssh main process (897) terminated with status 255 Feb 15 22:51:32 router init: ssh main process ended, respawning Feb 15 22:51:32 router init: ssh main process (915) terminated with status 255 Feb 15 22:51:32 router init: ssh respawning too fast, stopped I do not bind to 0.0.0.0, so I must have networking up fully before ssh can start. Because "filesystem" happens before "networking" has started, the job fails. We might want to consider changing the upstart job to: start on filesystem and started networking ProblemType: Bug DistroRelease: Ubuntu 10.10 Package: openssh-server 1:5.5p1-4ubuntu5 ProcVersionSignature: Ubuntu 2.6.35-25.44-generic-pae 2.6.35.10 Uname: Linux 2.6.35-25-generic-pae i686 Architecture: i386 Date: Tue Feb 15 23:03:11 2011 ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssh ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 maverick -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/719833 Title: ssh upstart job fails to actually bring up ssh -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 719833] Re: ssh upstart job fails to actually bring up ssh
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/719833 Title: ssh upstart job fails to actually bring up ssh -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 722386] Re: sshd buffer overflow detected crash from certain ip addresses
The backtrace shows that this is from the pgsql PAM module. A quick check of the code shows that it is assuming that h_addr is always an IPv4 when it may not be, resulting in a potential overflow of the buffer it creates to hold an IP address. ** Package changed: openssh (Ubuntu) => pam-pgsql (Ubuntu) ** Changed in: pam-pgsql (Ubuntu) Importance: Undecided => Medium ** Changed in: pam-pgsql (Ubuntu) Status: New => Confirmed ** Summary changed: - sshd buffer overflow detected crash from certain ip addresses + PAM pgsql buffer overflow when dealing with IPv6 addresses -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/722386 Title: PAM pgsql buffer overflow when dealing with long addresses -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 723312] Re: package postfix 2.8.0-1~build1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
** Changed in: postfix (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. https://bugs.launchpad.net/bugs/723312 Title: package postfix 2.8.0-1~build1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 694029] Re: [natty] kvm guests become unstable after a while
I have no wireless on my system, and I just saw this in a VM I started. ** Changed in: linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. https://bugs.launchpad.net/bugs/694029 Title: [natty] kvm guests become unstable after a while -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 722815] Re: apparmor prevents ntp from reading gpsd
Thanks for tracking this down! Unfortunately, ipc_owner is a rather strong capability (allows access to all shared memory), and it looks like ntpd expects to actually write to the memory region (e.g. "shm->valid = 0" is in the code), so SHM_RDONLY doesn't seem viable either. Instead, I've added a note to the AppArmor profile itself pointing people to the right option if they want to enable it for their local system (since it doesn't seem appropriate to do this by default for all ntpd users). ** Changed in: ntp (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: ntp (Ubuntu) Assignee: (unassigned) => Kees Cook (kees) ** Changed in: ntp (Ubuntu) Importance: Low => Wishlist -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu. https://bugs.launchpad.net/bugs/722815 Title: apparmor prevents ntp from reading gpsd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 733914] [NEW] autofs races network interfaces, ends up not working
Public bug reported: Binary package hint: autofs5 When autofs starts, the network may not be up yet. "started net-device- up IFACE!=lo" does not handle multi-homed machines, bridging, etc. autofs needs to wait until all configured networking has finished coming up before starting. ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: autofs5 5.0.5-0ubuntu4 ProcVersionSignature: Ubuntu 2.6.38-6.34-generic 2.6.38-rc7 Uname: Linux 2.6.38-6-generic x86_64 Architecture: amd64 Date: Sat Mar 12 08:58:22 2011 ProcEnviron: LANGUAGE=en_US:en PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: autofs5 UpgradeStatus: Upgraded to natty on 2006-11-27 (1565 days ago) ** Affects: autofs5 (Ubuntu) Importance: Medium Assignee: Canonical Server Team (canonical-server) Status: New ** Affects: autofs5 (Ubuntu Natty) Importance: Medium Assignee: Canonical Server Team (canonical-server) Status: New ** Tags: amd64 apport-bug natty regression-release -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to autofs5 in ubuntu. https://bugs.launchpad.net/bugs/733914 Title: autofs races network interfaces, ends up not working -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 733914] Re: autofs races network interfaces, ends up not working
** Tags added: regression-release ** Also affects: autofs5 (Ubuntu Natty) Importance: Undecided Status: New ** Changed in: autofs5 (Ubuntu Natty) Assignee: (unassigned) => Canonical Server Team (canonical-server) ** Changed in: autofs5 (Ubuntu Natty) Milestone: None => ubuntu-11.04-beta-1 ** Changed in: autofs5 (Ubuntu Natty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to autofs5 in ubuntu. https://bugs.launchpad.net/bugs/733914 Title: autofs races network interfaces, ends up not working -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 731878] Re: shutdown(2) behavior changed in kernel
This appears to be a behavioral change to the shutdown(2) function. The socket gets only partially shut down. It's like "close()" was called instead of "shutdown()" which is supposed to kill the socket everywhere. ** Summary changed: - amavis force-reload crashes amavis + shutdown(2) behavior changed in kernel ** Package changed: amavisd-new (Ubuntu) => linux (Ubuntu) ** Changed in: linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu) Milestone: None => ubuntu-11.04-beta-2 ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to amavisd-new in Ubuntu. https://bugs.launchpad.net/bugs/731878 Title: shutdown(2) behavior changed in kernel -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 694029] Re: [natty] kvm guests become unstable after a while
model name : Intel(R) Core(TM)2 Quad CPUQ6600 @ 2.40GHz -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/694029 Title: [natty] kvm guests become unstable after a while -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 230197] Re: network-manager-openvpn is incapable of supplying openssl-vulnkey with the X.509 key passphrase it requests
** Changed in: openvpn (Ubuntu) Assignee: iamn fouda (eman-abu-fouda) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/230197 Title: network-manager-openvpn is incapable of supplying openssl-vulnkey with the X.509 key passphrase it requests -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 768707] [NEW] cyrus-sasl2-heimdal uninstallable and ftbfs
Public bug reported: cyrus-sasl2-heimdal 2.1.23.dfsg1-5.1ubuntu1 is uninstallable with cyrus- sasl2 2.1.23.dfsg1-5ubuntu3, and ftbfs due to heimdal changes, from what I can see. I suspect the only way forward on this is to get cyrus-sasl2 2.1.23.dfsg1-6 (or, likely, newer) into natty which merges in the heimdal source and fixes the compilation problems. ** Affects: cyrus-sasl2-heimdal (Ubuntu) Importance: Undecided Status: Confirmed ** Package changed: cyrus-sasl2 (Ubuntu) => cyrus-sasl2-heimdal (Ubuntu) ** Changed in: cyrus-sasl2-heimdal (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/768707 Title: cyrus-sasl2-heimdal uninstallable and ftbfs -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
** Changed in: exim4 (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Just as a note, due to Ubuntu's default compiler flags[1], this vulnerability is "only" a denial-of-service and does not seem to result in arbitrary code execution. [1] https://wiki.ubuntu.com/CompilerFlags -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
AAaargh. Who reimplements sprintf!? I am working on hardy and dapper now. Will have this uploaded shortly. Thanks for double-checking and getting the Lucid and Oneiric patches ready! At least full ASLR (PIE[1]) is in place in Lucid and later, so exploiting this is difficult, but not impossible. [1] https://wiki.ubuntu.com/Security/Features#pie -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Er, nevermind, DKIM was added after Hardy.
** Also affects: exim4 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: exim4 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: exim4 (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: exim4 (Ubuntu Oneiric)
Importance: Undecided
Status: Triaged
** Changed in: exim4 (Ubuntu Lucid)
Status: New => Fix Committed
** Changed in: exim4 (Ubuntu Maverick)
Status: New => Fix Committed
** Changed in: exim4 (Ubuntu Natty)
Status: New => Fix Committed
** Changed in: exim4 (Ubuntu Oneiric)
Status: Triaged => In Progress
** Changed in: exim4 (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: exim4 (Ubuntu Maverick)
Importance: Undecided => Medium
** Changed in: exim4 (Ubuntu Natty)
Importance: Undecided => Medium
** Changed in: exim4 (Ubuntu Oneiric)
Importance: Undecided => Medium
** Changed in: exim4 (Ubuntu Lucid)
Assignee: (unassigned) => Kees Cook (kees)
** Changed in: exim4 (Ubuntu Maverick)
Assignee: (unassigned) => Kees Cook (kees)
** Changed in: exim4 (Ubuntu Natty)
Assignee: (unassigned) => Kees Cook (kees)
** Changed in: exim4 (Ubuntu Oneiric)
Assignee: (unassigned) => Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 793694] Re: Format string bug in parselog.pl
This looks like a regular bug to me. I don't think Perl will deal with the %n in an unsafe way. ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/793694 Title: Format string bug in parselog.pl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/793694/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 810270] Re: AppArmor profiles need updates for /var/run → /run and /var/lock → /run/lock and /dev/shm → /run/shm
If filesystem paths have been relocated, please use /etc/apparmor.d/tunables/alias to handle replacements. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/810270 Title: AppArmor profiles need updates for /var/run → /run and /var/lock → /run/lock and /dev/shm → /run/shm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/810270/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966707] [NEW] not built with all hardening features
Public bug reported: vsftpd has only a partially hardened build. Debian fixed this, and the solution is trivial. ** Affects: vsftpd (Ubuntu) Importance: Undecided Status: New ** Affects: vsftpd (Ubuntu Precise) Importance: Undecided Status: New ** Tags: patch ** Also affects: vsftpd (Ubuntu Precise) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in Ubuntu. https://bugs.launchpad.net/bugs/966707 Title: not built with all hardening features To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/966707/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966707] Re: not built with all hardening features
** Patch added: "vsftpd_2.3.5-1ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/966707/+attachment/2951684/+files/vsftpd_2.3.5-1ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in Ubuntu. https://bugs.launchpad.net/bugs/966707 Title: not built with all hardening features To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/966707/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966707] Re: not built with all hardening features
** Changed in: vsftpd (Ubuntu Precise) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in Ubuntu. https://bugs.launchpad.net/bugs/966707 Title: not built with all hardening features To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/966707/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1534340] [NEW] openssh server 6.6 does not report max auth failures
Public bug reported:
Brute force attacks against openssh on Trusty will not log "max auth"
key-based attempts, leaving their brute forcing invisible to the logs
and anything that consumes logs, like fail2ban. Version 6.7 introduced
the logging, but it's missing in Trusty. Since Trusty is LTS, it would
seem sensible to have this feature backported.
[Impact] Bruce force attempts using private keys are invisible to logs,
which renders defenses like fail2ban useless.
[Test case] Create 20 SSH keys, try to log in over SSH, note lack of
logging the failures.
[Regression Potential] Very unlikely regression potential as the "max
auth" condition is already handled in code, it just wasn't logging. The
change only adds the missing logging.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: openssh (Ubuntu Trusty)
Importance: Undecided
Assignee: Kees Cook (kees)
Status: New
** Also affects: openssh (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: openssh (Ubuntu)
Status: New => Fix Released
** Changed in: openssh (Ubuntu Trusty)
Assignee: (unassigned) => Kees Cook (kees)
** Description changed:
Brute force attacks against openssh on Trusty will not log "max auth"
key-based attempts, leaving their brute forcing invisible to the logs
and anything that consumes logs, like fail2ban. Version 6.7 introduced
the logging, but it's missing in Trusty. Since Trusty is LTS, it would
seem sensible to have this feature backported.
+
+ [Impact] Bruce force attempts using private keys are invisible to logs,
+ which renders defenses like fail2ban useless.
+
+ [Test case] Create 20 SSH keys, try to log in over SSH, note lack of
+ logging the failures.
+
+ [Regression Potential] Very unlikely regression potential as the "max
+ auth" condition is already handled in code, it just wasn't logging. The
+ change only adds the missing logging.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1534340
Title:
openssh server 6.6 does not report max auth failures
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1534340/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1534340] Re: openssh server 6.6 does not report max auth failures
** Patch added: "openssh_6.6p1-2ubuntu2.5.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1534340/+attachment/4550125/+files/openssh_6.6p1-2ubuntu2.5.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1534340 Title: openssh server 6.6 does not report max auth failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1534340/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1534340] Re: openssh server 6.6 does not report max auth failures
** Changed in: openssh (Ubuntu Trusty) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1534340 Title: openssh server 6.6 does not report max auth failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1534340/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1416039] Re: Broken apparmor profile
This is needed for trusty too, it seems. ** Also affects: squid3 (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1416039 Title: Broken apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1416039/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1418778] Re: Stack smashing while using a lot of connections
Today I learned that Apache raises its rlimit for open files to 8192 by default. This is controlled by APACHE_ULIMIT_MAX_FILES. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libfcgi in Ubuntu. https://bugs.launchpad.net/bugs/1418778 Title: Stack smashing while using a lot of connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/1418778/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1331503] [NEW] apparmor profile missing "link" permission
Public bug reported: type=1400 audit(1403024365.999:20455): apparmor="DENIED" operation="link" prof ile="/usr/sbin/named" name="/var/lib/bind/db-GFtoRz38" pid=32341 comm="named" requested_mask="l" denied_mask="l" fsuid=105 ouid=105 target="/var/lib/bind/db.MYDOMAIN" /etc/apparmor.d/usr.sbin.named is missing "l" for /var/lib/bind/**: It should be: /var/lib/bind/** lrw, ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New ** Affects: bind9 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: bind9 (Ubuntu Precise) Importance: Undecided Status: New ** No longer affects: bind9 (Ubuntu Precise) ** Also affects: bind9 (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1331503 Title: apparmor profile missing "link" permission To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1331503/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1331503] Re: apparmor profile missing "link" permission
Seems to break slaved domain updates. (i.e. my server is secondary for a master server, and when they make changes the AXFR seems to throw this into the kernel logs.) Since the /var/cache line has "l" already, it seems like just a simple fix; I didn't investigate the true origin. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1331503 Title: apparmor profile missing "link" permission To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1331503/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 616759] Re: CVE-2009-3555 tracking bug
I can confirm that the firefox CVE-2009-3555 warnings go away once these packages are installed on Lucid. Additionally, I tested that sasl and dovecot still work as expected. Awesome. :) -- CVE-2009-3555 tracking bug https://bugs.launchpad.net/bugs/616759 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 644009] Re: package nagios3-common 3.0.6-2ubuntu1.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability ** Tags added: jaunty -- package nagios3-common 3.0.6-2ubuntu1.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/644009 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 647600] Re: package mysql-server-5.0 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability ** Tags added: karmic -- package mysql-server-5.0 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/647600 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 655442] [NEW] memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: php5 It seems that PHP is not correctly using libxml2's xmlwriter routines, and allows passing in invalid utf-8 strings which are then misparsed by libxml2, allowing memory contents to leak into the resulting output. Actual output: PHP Warning: XMLWriter::writeAttribute(): string is not in UTF-8 in /tmp/xmlwriter.php on line 12 Expected output: ** Affects: php Importance: Unknown Status: Unknown ** Affects: php5 (Ubuntu) Importance: Low Status: Confirmed ** This bug has been flagged as a security vulnerability -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 655442] Re: memory leak when using invalid utf-8 with XMLWriter::writeAttribute
** Attachment added: "xmlwriter.php" https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/655442/+attachment/1674325/+files/xmlwriter.php ** Changed in: php5 (Ubuntu) Status: New => Confirmed ** Changed in: php5 (Ubuntu) Importance: Undecided => Low ** Summary changed: - memory leak when using invalid utf-8 with XMLWriter::writeAttribute + memory content leak when using invalid utf-8 with XMLWriter::writeAttribute -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 655442] Re: memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
Appears broken all the way back through Hardy. Dapper behaves correctly. ** Bug watch added: bugs.php.net/ #52998 http://bugs.php.net/bug.php?id=52998 ** Also affects: php via http://bugs.php.net/bug.php?id=52998 Importance: Unknown Status: Unknown -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 655442] Re: memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
I've also reported this to libxml2, in case it should be fixed there instead. https://bugzilla.gnome.org/show_bug.cgi?id=631551 ** Bug watch added: GNOME Bug Tracker #631551 https://bugzilla.gnome.org/show_bug.cgi?id=631551 -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 655442] Re: memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
** Package changed: php5 (Ubuntu) => libxml2 (Ubuntu) ** Also affects: libxml2 via https://bugzilla.gnome.org/show_bug.cgi?id=631551 Importance: Unknown Status: Unknown -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 671672] [NEW] Sync krb5 1.8.3+dfsg-2 (main) from Debian unstable (main)
Public bug reported: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 affects ubuntu/krb5 status confirmed importance wishlist subscribe ubuntu-archive done Please sync krb5 1.8.3+dfsg-2 (main) from Debian unstable (main) Explanation of the Ubuntu delta and why it can be dropped: Ubuntu changes are in Debian too now (MITKRB5-SA-2010-006) Changelog entries since current natty version 1.8.1+dfsg-5ubuntu0.1: krb5 (1.8.3+dfsg-2) unstable; urgency=high * MITKRB5-SA-2010-006 [CVE-2010-1322]: null pointer dereference in kdc_authdata.c leading to KDC crash, Closes: #599237 * Fix two memory leaks in krb5_get_init_creds path; one of these memory leaks is quite common for any application such as PAM or kinit that gets initial credentials, thanks Bastian Blank, Closes: #598032 * Install doc/CHANGES only in krb5-doc, not in all packages, saves several megabytes on most Debian systems, Closes: #599562 -- Sam Hartman Wed, 13 Oct 2010 10:41:19 -0400 krb5 (1.8.3+dfsg-1) unstable; urgency=low * New Upstream release; only change is version bump from beta1 to final * Bring back a libkrb53 oldlibs package. Note that this is technically a policy violation because it doesn't provide libdes425.so.3 or libkrb4.so.2 and thus provides a different ABI. However, some packages, such as postgres8.4 require the lenny version to be present for the squeeze transition, so we cannot force the removal of libkrb53's reverse dependencies. We can conflict or break with lenny packages that will not work with this libkrb53, but we may break out-of-archive packages without notice. Absent someone coming up with a patch to the modern libk5crypto-3 that allows it to work with the lenny libkrb53 (a weekend's worth of work proved this would be quite difficult), this is the best solution we've come up with, Closes: #596678 -- Sam Hartman Sun, 19 Sep 2010 14:59:46 -0400 krb5 (1.8.3+dfsg~beta1-2) unstable; urgency=low * Remove documentation that has moved to the krb5-appl package and is not shipped upstream from Debian diff -- Sam Hartman Tue, 10 Aug 2010 15:33:15 -0400 krb5 (1.8.3+dfsg~beta1-1) unstable; urgency=low * New Upstream version * Add breaks with libkrb53 because libdes425 cannot work with new libk5crypto3 (Closes: #557929) * You want this version: it fixes an incompatibility with how PACs are verified with Windows 2008 * As a result of libkrb53 breaks, we no longer get into problems with krb5int_hmac, Closes: #566988 * Note that libkdb5-4 breaks rather than conflicts libkadm5srv6, Closes: #565429 * Start kdc before x display managers, Closes: #588536 -- Sam Hartman Thu, 05 Aug 2010 12:15:50 -0400 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Kees Cook iQIcBAEBCgAGBQJM1JULAAoJEIly9N/cbcAmGMsP/RaoAMd60/WBWDkBJJnSjsu2 GgvQkeZPfYtXhV68dAZRMTsVAtQOz2+LC2EvFcY8NO+h9a4xezFXAGgIw46Th2Qj aXcHgqHQKPEY3s28qBtI0j3AeVWmHWQ7QCj7MkFoaB5E9baVH7EQOdoNF+KKfDXn SgqC0U1jq0IP4aFTfOnw89ypYhMvBnkJZyoJcLQN3wwjtju3kw6EhyRW3M6Z1N/B vPL1FNoASJgqQVIFpKYbaFck9yC79H1v1YCRXK8o4UFg3TFW3QPAqj5U4fx3+mNP M1EYBaT+txT5XTN/cTAQwy0NCOdBviSMtgiwn8bpR+gGmC8xZvyYLIZlu2J9lu/I Srn5icCWBO1wiYe63Kw+J1hI+VAPo+ale06TGCGGg3u2tZd8a9v0GyxpPeM8dn87 uau6EZIbbGvQv4ADmx11YmqjT7DIXyYtCD4QImEdeNMHQgaueaplUY8zStLab1ZH UJxwtBYwy/0Ntg6dDDho01sBPufa918MgGES3O2/aTR6295IZwhVpKM7qSIrHdAP AkOFUWMU8tPKXKR8BD1ejSD4K3mpoIgqvaoGS04m4FAPNjz6DhlpCwA5Y7D8flLm KmTa/5WQbEGUQA4TUnhysnSx5psMQpynDc4699V47nlV97jzjyuC3Mi3q2CX5SC7 D46k8ZhW9nlnRu0xg08x =YLbr -END PGP SIGNATURE- ** Affects: krb5 (Ubuntu) Importance: Wishlist Status: Confirmed -- Sync krb5 1.8.3+dfsg-2 (main) from Debian unstable (main) https://bugs.launchpad.net/bugs/671672 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 684874] Re: Merge rabbitmq-server 2.2.0-1 (main) from Debian unstable (main)
Based on the comments in bug #506985, I think this delta should have been dropped in maverick (it was only to support pre-lucid upgrades). After looking at the package diffs, this is the only real difference between Ubuntu and Debian now, so I think this bug should be changed from a merge to a sync. ** Summary changed: - Merge rabbitmq-server 2.2.0-1 (main) from Debian unstable (main) + Sync rabbitmq-server 2.2.0-1 (main) from Debian unstable (main) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to rabbitmq-server in ubuntu. https://bugs.launchpad.net/bugs/684874 Title: Sync rabbitmq-server 2.2.0-1 (main) from Debian unstable (main) -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 611316] Re: Segmentation fault in php5-sybase
** Changed in: php5 (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. https://bugs.launchpad.net/bugs/611316 Title: Segmentation fault in php5-sybase -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 43574] Re: Needs Ubuntu-style init script
Thanks, this looks good. I'll upload shortly. ** Changed in: xinetd (Ubuntu) Status: In Progress => Fix Committed ** Changed in: xinetd (Ubuntu) Assignee: (unassigned) => Scott Moser (smoser) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to xinetd in ubuntu. https://bugs.launchpad.net/bugs/43574 Title: Needs Ubuntu-style init script -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 688522] Re: [FTBFS] Eucalyptus doesn't build on maverick, with -security pocket enabled
** Changed in: eucalyptus (Ubuntu Maverick) Status: New => Invalid ** Changed in: openjdk-6 (Ubuntu Maverick) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. https://bugs.launchpad.net/bugs/688522 Title: [FTBFS] Eucalyptus doesn't build on maverick, with -security pocket enabled -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 691345] Re: buffer overflow in tftp
** Changed in: tftp-hpa (Ubuntu)
Status: New => Fix Committed
** Changed in: tftp-hpa (Ubuntu)
Assignee: (unassigned) => Kees Cook (kees)
** Changed in: tftp-hpa (Ubuntu)
Importance: Undecided => Medium
** Changed in: netkit-tftp (Ubuntu)
Status: New => Confirmed
** Also affects: netkit-tftp (Ubuntu Natty)
Importance: Undecided
Status: Confirmed
** Also affects: tftp-hpa (Ubuntu Natty)
Importance: Medium
Assignee: Kees Cook (kees)
Status: Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tftp-hpa in ubuntu.
https://bugs.launchpad.net/bugs/691345
Title:
buffer overflow in tftp
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 691345] Re: buffer overflow in tftp
** Changed in: netkit-tftp (Ubuntu Natty) Status: Confirmed => Fix Committed ** Changed in: netkit-tftp (Ubuntu Natty) Assignee: (unassigned) => Kees Cook (kees) ** Changed in: netkit-tftp (Ubuntu Natty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tftp-hpa in ubuntu. https://bugs.launchpad.net/bugs/691345 Title: buffer overflow in tftp -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 691414] [NEW] clamav taking extremely long time to load database
Public bug reported: Binary package hint: clamav # apt-cache policy clamav-daemon clamav-daemon: Installed: 0.96.3+dfsg-2ubuntu1.0.10.04.2 Candidate: 0.96.3+dfsg-2ubuntu1.0.10.04.2 Since the security update of clamav, the daemon takes multiple minutes to load its virus database, and is causing random timeouts for users of the unix socket (in my case, mimedefang), triggering repeated 400-series email temp-fails each time freshclam issues a reload request. strace just shows it slowly allocating memory and not doing much else. Logs don't seem to help: Thu Dec 16 20:58:34 2010 -> +++ Started at Thu Dec 16 20:58:34 2010 Thu Dec 16 20:58:34 2010 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Thu Dec 16 20:58:34 2010 -> Log file size limit disabled. Thu Dec 16 20:58:34 2010 -> Reading databases from /var/lib/clamav/ Thu Dec 16 20:58:34 2010 -> Not loading PUA signatures. Thu Dec 16 20:58:38 2010 -> Loaded 856324 signatures. But minutes later, it's still spinning at 100% CPU and non-responsive on its socket. Here's the backtrace while its stuck: (gdb) bt #0 __find<__gnu_cxx::__normal_iterator > >, llvm::BasicBlock const*> (this=0x1a9f300, L=0x1466740, ExitingBlock=) at /usr/include/c++/4.4/bits/stl_algo.h:186 #1 find<__gnu_cxx::__normal_iterator > >, llvm::BasicBlock const*> (this=0x1a9f300, L=0x1466740, ExitingBlock=) at /usr/include/c++/4.4/bits/stl_algo.h:4224 #2 llvm::LoopBase::contains (this=0x1a9f300, L=0x1466740, ExitingBlock=) at ./llvm/include/llvm/Analysis/LoopInfo.h:108 #3 llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit (this=0x1a9f300, L=0x1466740, ExitingBlock=) at llvm/lib/Analysis/ScalarEvolution.cpp:3612 #4 0x7f6591bad79f in llvm::ScalarEvolution::ComputeBackedgeTakenCount (this=0x1a9f300, L=0x1466740) at llvm/lib/Analysis/ScalarEvolution.cpp:3542 #5 0x7f6591badaa5 in llvm::ScalarEvolution::getBackedgeTakenInfo (this=0x1a9f300, L=0x1466740) at llvm/lib/Analysis/ScalarEvolution.cpp:3415 #6 0x7f6591badfa9 in llvm::ScalarEvolution::getMaxBackedgeTakenCount (this=0x299a6e0, L=0x7) at llvm/lib/Analysis/ScalarEvolution.cpp:3390 #7 0x7f6591966040 in loopNeedsTimeoutCheck (this=, F=) at bytecode2llvm.cpp:363 #8 runOnFunction (this=, F=) at bytecode2llvm.cpp:435 #9 0x7f6591ab8166 in llvm::FPPassManager::runOnFunction (this=0x11a6ae0, F=...) at llvm/lib/VMCore/PassManager.cpp:1350 #10 0x7f6591ab827b in llvm::FPPassManager::runOnModule (this=0x11a6ae0, M=...) at llvm/lib/VMCore/PassManager.cpp:1371 #11 0x7f6591ab7d0b in llvm::MPPassManager::runOnModule (this=0x11cdab0, M=...) at llvm/lib/VMCore/PassManager.cpp:1424 #12 0x7f6591ab7e99 in llvm::PassManagerImpl::run (this=0x11a1dc0, M=...) at llvm/lib/VMCore/PassManager.cpp:1506 #13 0x7f659196dcff in generate (this=0x7fffe4746540) at bytecode2llvm.cpp:1411 #14 0x7f659196f85b in cli_bytecode_prepare_jit (bcs=) at bytecode2llvm.cpp:1826 #15 0x7f659194bec1 in cli_bytecode_prepare2 (engine=0x10fdb60, bcs=0x10fdc50, dconfmask=7) at bytecode.c:2353 #16 0x7f65918d0310 in cl_engine_compile (engine=0x10fdb60) at readdb.c:3112 #17 0x00407cfc in main (argc=, argv=) at clamd.c:495 ** Affects: clamav (Ubuntu) Importance: Undecided Status: New ** Affects: clamav (Ubuntu Lucid) Importance: Undecided Status: New ** Description changed: Binary package hint: clamav # apt-cache policy clamav-daemon clamav-daemon: - Installed: 0.96.3+dfsg-2ubuntu1.0.10.04.2 - Candidate: 0.96.3+dfsg-2ubuntu1.0.10.04.2 + Installed: 0.96.3+dfsg-2ubuntu1.0.10.04.2 + Candidate: 0.96.3+dfsg-2ubuntu1.0.10.04.2 - - Since the security update of clamav, the daemon takes multiple minutes to load its virus database, and is causing random timeouts for users of the unix socket (in my case, mimedefang), trigger 400-series email temp-fails. + Since the security update of clamav, the daemon takes multiple minutes + to load its virus database, and is causing random timeouts for users of + the unix socket (in my case, mimedefang), trigger 400-series email temp- + fails. strace just shows it slowly allocating memory and not doing much else. Logs don't seem to help: Thu Dec 16 20:58:34 2010 -> +++ Started at Thu Dec 16 20:58:34 2010 Thu Dec 16 20:58:34 2010 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Thu Dec 16 20:58:34 2010 -> Log file size limit disabled. Thu Dec 16 20:58:34 2010 -> Reading databases from /var/lib/clamav/ Thu Dec 16 20:58:34 2010 -> Not loading PUA signatures. Thu Dec 16 20:58:38 2010 -> Loaded 856324 signatures. But minutes later, it's still spinning at 100% CPU and non-responsive on its socket. - Debug symbols seem incomplete for some reason, but here's the backtrace - while it's stuck, FWIW: + Here's the backtrace while its stuck: (gdb) bt - #0 0x7f6591bad32c in ?? () from /usr/lib/libclamav.so.6 - #1 0x7f6591bad79f in ?? () from /usr/lib/lib
[Bug 691414] Re: clamav taking extremely long time to load database
I can confirm as well, the long load times are gone and I'm able to scan incoming email again. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. https://bugs.launchpad.net/bugs/691414 Title: clamav taking extremely long time to load database -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 695985] Re: /etc/mysql/debian-start exposes debian-sys-maint users password to any users on the box via ps(1)
** Visibility changed to: Public ** Changed in: mysql-5.1 (Ubuntu) Status: New => Confirmed ** Changed in: mysql-5.1 (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.1 in ubuntu. https://bugs.launchpad.net/bugs/695985 Title: /etc/mysql/debian-start exposes debian-sys-maint users password to any users on the box via ps(1) -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 706917] Re: ClamAV misses "SafeBrowsing" option in freshclam.conf
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. https://bugs.launchpad.net/bugs/706917 Title: ClamAV misses "SafeBrowsing" option in freshclam.conf -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713855] Re: Merge exim4 4.74-1 (main) from Debian experimental (main)
This looks pretty good. Can you change 71_exiq_grep_error_on_messages_without_size.patch to use the upstream fix (from that report), drop the "From" (this should have been Author: with Daniel van Eeden) and add an Origin: line, and finally mention the debian bug # in the changelog? Thanks! ** Changed in: exim4 (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in ubuntu. https://bugs.launchpad.net/bugs/713855 Title: Merge exim4 4.74-1 (main) from Debian experimental (main) -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 576949] Re: [lucid] LOAD DATA INFILE fails in replication, simple patch available in 5.1.43
This looks good; I'll upload it to -proposed now. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. https://bugs.launchpad.net/bugs/576949 Title: [lucid] LOAD DATA INFILE fails in replication, simple patch available in 5.1.43 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 576949] Re: [lucid] LOAD DATA INFILE fails in replication, simple patch available in 5.1.43
This has been uploaded to -proposed. Once it has built, please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance! ** Changed in: mysql-dfsg-5.1 (Ubuntu Lucid) Status: Confirmed => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. https://bugs.launchpad.net/bugs/576949 Title: [lucid] LOAD DATA INFILE fails in replication, simple patch available in 5.1.43 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713855] Re: Merge exim4 4.74-1 (main) from Debian experimental (main)
Thanks! I've uploaded this merge now. ** Changed in: exim4 (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in ubuntu. https://bugs.launchpad.net/bugs/713855 Title: Merge exim4 4.74-1 (main) from Debian experimental (main) -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 699967] Re: Empty list of plugins/services with hostname containing uppercase letters
This has been uploaded to -proposed. Once it has built, please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance! ** Also affects: munin (Ubuntu Maverick) Importance: Undecided Status: New ** Changed in: munin (Ubuntu Maverick) Status: New => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to munin in ubuntu. https://bugs.launchpad.net/bugs/699967 Title: Empty list of plugins/services with hostname containing uppercase letters -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 697197] Re: Empty password allows access to VNC in libvirt
** Changed in: libvirt (Ubuntu Natty) Importance: High => Undecided ** Changed in: libvirt (Ubuntu Natty) Assignee: Serge Hallyn (serge-hallyn) => (unassigned) ** Changed in: qemu-kvm (Ubuntu Maverick) Milestone: maverick-updates => None ** Changed in: libvirt (Ubuntu Lucid) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. https://bugs.launchpad.net/bugs/697197 Title: Empty password allows access to VNC in libvirt -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 697197] Re: Empty password allows access to VNC in libvirt
Thanks for preparing the debdiffs! It looks like karmic is vulnerable
too, so we'll need that as well. I'll update the debdiffs to use proper
DEP-3 and fix up the formatting of the changelogs a bit ("CVE-" vs "CVE:
"), and get these building.
** Also affects: libvirt (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: qemu-kvm (Ubuntu Karmic)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu Karmic)
Status: New => Invalid
** Changed in: qemu-kvm (Ubuntu Karmic)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 697197] Re: Empty password allows access to VNC in libvirt
** Changed in: qemu-kvm (Ubuntu Maverick) Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees) ** Changed in: qemu-kvm (Ubuntu Lucid) Assignee: Ubuntu Security Team (ubuntu-security) => Kees Cook (kees) ** Changed in: qemu-kvm (Ubuntu Karmic) Importance: Undecided => Medium ** Changed in: qemu-kvm (Ubuntu Karmic) Assignee: (unassigned) => Kees Cook (kees) ** Changed in: qemu-kvm (Ubuntu Lucid) Status: In Progress => Fix Committed ** Changed in: qemu-kvm (Ubuntu Maverick) Status: In Progress => Fix Committed ** Changed in: qemu-kvm (Ubuntu Karmic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. https://bugs.launchpad.net/bugs/697197 Title: Empty password allows access to VNC in libvirt -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 800340] Re: [MIR] ipxe
This looks fine to me. +1 ** Changed in: ipxe (Ubuntu) Status: New => In Progress ** Changed in: ipxe (Ubuntu) Assignee: Kees Cook (kees) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/800340 Title: [MIR] ipxe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipxe/+bug/800340/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 817187] Re: change in readlink() errno in 2.6.39 and later kernels causes FTBFS for packages with older gnulib
Packages with gnulib in their source: main: augeas binfmt-support eglibc findutils gdb glib2.0 groff grub2 hello hello-debhelper liblouis libpipeline libtasn1-3 libvirt man-db mlocate texinfo universe/multiverse: amanda eiskaltdcpp freedink genparse hivex instantbird libdc0 libdrizzle liblouisxml mpop msmtp z80asm -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/817187 Title: change in readlink() errno in 2.6.39 and later kernels causes FTBFS for packages with older gnulib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/817187/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 801501] Re: [MIR] nova
Quick notes:
* should use /run instead of /var/run
* while it's nice to have the sudoers split, the sudoers fragment is wildly
permissive ("chown" as root is trivial to exploit). I would recommend specific
helper scripts that validate the logic of the requested dangerous commands (see
the similar stuff in euca).
This is a rather large chunk of python daemons. I think a much more
complete security audit should be done, but that's not something I have
time for at the moment. On the up side, the code looks generally well
designed, though not really made to resist malicious admin use. Given
the scope of its intended use, I think it would be wise to keep this out
of main until it can really be more heavily audited. Trying to map the
dispatch actions to the possible code paths would probably take some
effort, and I'm worried that some of the web objects might have
unexpected exposed functions. Though perhaps I'm just not familiar
enough with the WSGI code.
** Changed in: nova (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/801501
Title:
[MIR] nova
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/801501/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 801501] Re: [MIR] nova
This is a step in the right direction (regex arg filtering is better than filename-glob filtering), but I think this probably needs to have even more logic built in. For example, running "ip ... $interface ..." might need logic to have the wrapper look up the interface and decide if it is actually a nova-controlled interface, etc. Overall, the trajectory for this design looks fine -- there is a well-defined boundary between "nova" and "root". Continuing to get it even more highly specified is the right way to go. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu. https://bugs.launchpad.net/bugs/801501 Title: [MIR] nova To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/801501/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 556167] Re: vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted)
The problem is that parted treats local files (as used by vmbuilder) differently from "actual" disk files, and changes the sector size accordingly (without an option to change it). As a result, the partition start locations are too small for grub2 to install. I had originally reproduced this by using vmbuilder to install Ubuntu, and then attempting to update to grub2, which would fail, since there wasn't enough room. My previously attached hack/work-around for vmbuilder was to skip a sector when building the first partition. ** Changed in: parted (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in Ubuntu. https://bugs.launchpad.net/bugs/556167 Title: vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/parted/+bug/556167/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 556167] Re: vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted)
Hm, I don't agree. I think the problem is in libparted/arch/linux.c init_file(): dev->bios_geom.sectors = 32; vs _device_probe_geometry() which defaults to what the LBA reports or: dev->bios_geom.sectors = 63; So, when vmbuilder uses parted to build the disk, parted treats the disk file differently than it would a real LBA mode drive. Fixing this is the core cause of the problem, as far as I see it. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in Ubuntu. https://bugs.launchpad.net/bugs/556167 Title: vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/parted/+bug/556167/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 892554] [NEW] SSH keys summary does not report ECDSA key
Public bug reported: The final report of SSH key fingerprints does not include ECDSA: $ ec2-get-console-output --region us-west-2 i-107ee921 ... Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: f8:bf:48:3a:a8:93:e1:1e:52:6d:08:ff:0a:a2:2d:eb root@ip-10-252-13-148 The key's randomart image is: +--[ RSA 2048]+ | | | | |.| | o o . | | + o . S| | ..o . | |+..o.. o| |+++o. .o o | |+E=o ... o. | +-+ Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: 1d:a6:d9:89:6f:7b:0a:a1:45:78:d4:ee:a8:21:c0:5c root@ip-10-252-13-148 The key's randomart image is: +--[ DSA 1024]+ |.. | |E o . | | o . . o.o | | +o B.o | | .So+ | |. .o.o. | | ..o. o | | . o ..| | oo | +-+ Generating public/private ecdsa key pair. Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key. Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub. The key fingerprint is: 4c:9a:68:f2:33:50:f1:6f:81:bf:e3:f3:05:9d:23:70 root@ip-10-252-13-148 The key's randomart image is: +--[ECDSA 256]---+ |.| | o . | |. o + E | | . . B + . . | | o o o S o +| | = . . o . | |+ o .| | o ... . | |.o. | +-+ ec2: ec2: # ec2: -BEGIN SSH HOST KEY FINGERPRINTS- ec2: 2048 f8:bf:48:3a:a8:93:e1:1e:52:6d:08:ff:0a:a2:2d:eb /etc/ssh/ssh_host_rsa_key.pub (RSA) ec2: 1024 1d:a6:d9:89:6f:7b:0a:a1:45:78:d4:ee:a8:21:c0:5c /etc/ssh/ssh_host_dsa_key.pub (DSA) ec2: -END SSH HOST KEY FINGERPRINTS- ec2: # Additionally, it would be better to report the entire public key portion so that keys could be programmatically included by the users of the instance. ** Affects: cloud-init (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 892554] Re: SSH keys summary does not report ECDSA key
What's the best way to add a known_hosts entry from these fingerprints? Maybe the -e option should be used instead of -l ? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 892554] Re: SSH keys summary does not report ECDSA key
On Mon, Nov 21, 2011 at 07:44:13PM -, Scott Moser wrote: > I don't think there is enough information to create an ssh known_hosts > entry from the fingerprint. I've written a blog post at > http://ubuntu-smoser.blogspot.com/2010/07/verify-ssh-keys-on-ec2-instances.html > demonstrating how to check the host before connecting. Ah, nice. This is a reasonable way to handle it for the moment. > Unfortunately, I don't think we can reasonably ditch the old default > behavior as many tools have been written to scrape console output looking > for this formated string. Right, I don't meant to ditch the fingerprint report, but instead, allow one to skip the ssh-keyscan step, and just pull the .pub file directly out of the console output. i.e. _add_ it to the console output. -- Kees Cook -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Note that likewise-open will need to include a file like
/etc/apparmor.d/tunables/home.d/likewise-open
that contains:
@{HOMEDIRS}+=/home/likewise-open/*/
This is being removed from the AppArmor default now that home.d/ exists,
and default installs don't need this path (which is presently causing
bug 503869)
--
apparmor HOMEDIRS not adjusted for likewise
https://bugs.launchpad.net/bugs/274350
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to likewise-open in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 510732] Re: OpenSSH server sshd_config PermitRootLogin -> NO
The issue is a trade-off between three classes of people, I think: - People that have systems where root can SSH in (which consists of): - Those that want to SSH in as root - Those that are surprised they can SSH in as root - Those that don't care http://cheezburger.com/View.aspx?aid=3094191616 By changing the default to "no", we protect the class of people that don't care, and irritate the people that expect to log in as root. By leaving the default as "yes", the class of people that don't care are vulnerable, but irritate the people that think this is insecure. The choice depends on the perceived benefit in protecting that class of user while weighed against those expecting to log in as root without having to also change SSH configs. Is the dark green area larger than the blue area? -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 510732] Re: OpenSSH server sshd_config PermitRootLogin -> NO
** Attachment added: "Diagram" http://launchpadlibrarian.net/38195645/129085743814232954.png ** Changed in: openssh (Ubuntu) Status: Incomplete => Confirmed -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 510732] Re: OpenSSH server sshd_config PermitRootLogin -> NO
"authoritative resources"? I'm inferring that you think my use of a simple diagram tool to help illustrate this bug is somehow inappropriate? And yes, I know what layered security is. :) Please understand that the PermitRootLogin config default is not a new issue. I'm trying to make sure everyone can have the same language to discuss it, as this has traditionally been what has derailed discussions before. Also, I did not mention in my first comment, but I support changing this setting. That said, Ubuntu tries to make its decisions via consensus, which this issue does not have. I'm hoping to build such a consensus. The primary concern I have is for the safety of Ubuntu users, though it must be balanced against usability. A default system doesn't even have openssh-server installed (it is, of course, installed on nearly all server systems). A system _with_ openssh-server does not allow root login because the root user's password is locked. Therefore, the bulk of Ubuntu users are protected already from root-targeted SSH brute-force attacks. This bug is explicitly about the behavior of an already non-default system (openssh-server installed, root password enabled). For this minority of Ubuntu systems, the PermitRootLogin setting currently creates a problem for the people that aren't thinking about how brute forcing might compromise them (i.e. people that did not understand the implications of enabling the strongly discouraged root password). Changing the setting protects these people and gets in the way of people that do not know how to change PermitRootLogin to "yes". -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 512975] [NEW] mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/USERNAME
Public bug reported: Logins fail for new users (autodetection is always failing): Jan 26 21:20:22 sec-lucid-amd64 dovecot: IMAP(tardvrnm): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/tardvrnm Jan 26 21:20:22 sec-lucid-amd64 dovecot: IMAP(tardvrnm): Fatal: Namespace initialization failed The only way around this is to hard-code "mail_location" in the dovecot config which limits users from choosing mbox or Maildir. This is a regression from karmic, identified by: http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/test-fetchmail.py ** Affects: dovecot (Ubuntu) Importance: Undecided Status: New ** Tags: regression-potential ** Tags added: regression-potential -- mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/USERNAME https://bugs.launchpad.net/bugs/512975 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 516862] Re: /usr/bin/timeadj doesn't appear to have stack protection
Ah-ha, yes, it's a tiny helper that has no arrays to protect in any functions. I've blacklisted that ELF for now. ** Changed in: ntp (Ubuntu) Status: New => Fix Released -- /usr/bin/timeadj doesn't appear to have stack protection https://bugs.launchpad.net/bugs/516862 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 518774] Re: package qemu-kvm 0.11.0-0ubuntu6.3 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 2
*** This bug is a duplicate of bug 512096 *** https://bugs.launchpad.net/bugs/512096 ** Tags added: karmic -- package qemu-kvm 0.11.0-0ubuntu6.3 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 2 https://bugs.launchpad.net/bugs/518774 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 521815] Re: breaks all builds requiring libmysqlclient-dev
** Also affects: mysql-dfsg-5.1 (Ubuntu) Importance: Undecided Status: New ** Changed in: mysql-dfsg-5.1 (Ubuntu) Status: New => Triaged ** Changed in: mysql-cluster-7.0 (Ubuntu) Status: Triaged => Fix Released ** Changed in: mysql-dfsg-5.1 (Ubuntu) Assignee: (unassigned) => Chuck Short (zulcss) ** Changed in: mysql-dfsg-5.1 (Ubuntu) Importance: Undecided => Critical -- breaks all builds requiring libmysqlclient-dev https://bugs.launchpad.net/bugs/521815 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 521815] Re: breaks all builds requiring libmysqlclient-dev
** Also affects: mysql-cluster-7.0 (Ubuntu Lucid) Importance: Critical Status: Fix Released ** Also affects: mysql-dfsg-5.1 (Ubuntu Lucid) Importance: Critical Assignee: Chuck Short (zulcss) Status: Triaged -- breaks all builds requiring libmysqlclient-dev https://bugs.launchpad.net/bugs/521815 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 429443] Re: /usr/bin/kvm-ok should be disassociated from kvm
This is sensible. If too much detection stuff like this ends up in update-notifier, I suspect we can just create a new package called "cpu- checker", which is the bzr tree I've current got the check-bios-nx code and test suite in. On another note, I would like to see kvm-ok improved somehow so that it is accurate after a system has been running for a while. Right now, if a system has been running a while and dmesg has scrolled off the top, or if the "kvm" module hasn't yet loaded, there's no feedback on if VT is disabled in the BIOS. -- /usr/bin/kvm-ok should be disassociated from kvm https://bugs.launchpad.net/bugs/429443 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 529411] Re: package postfix 2.6.5-3 failed to install/upgrade: alamprotsess installed post-installation script tagastas l?petamisel veakoodi 75
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability ** Package changed: postfix (Ubuntu) => dpkg (Ubuntu) ** Tags added: karmic ** Package changed: dpkg (Ubuntu) => postfix (Ubuntu) -- package postfix 2.6.5-3 failed to install/upgrade: alamprotsess installed post-installation script tagastas l?petamisel veakoodi 75 https://bugs.launchpad.net/bugs/529411 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 530555] Re: package clamav-freshclam 0.95.3+dfsg-1ubuntu0.09.10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 100
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability ** Tags added: karmic -- package clamav-freshclam 0.95.3+dfsg-1ubuntu0.09.10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 100 https://bugs.launchpad.net/bugs/530555 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 103010] Re: qemu no tun/tap networking
Please see https://help.ubuntu.com/community/KVM/Networking for a discussion of the issue. (Basically, it is unsafe to ship it this way as it gives any local user the ability to disrupt networking.) ** Changed in: qemu-kvm (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- qemu no tun/tap networking https://bugs.launchpad.net/bugs/103010 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 103010] Re: qemu no tun/tap networking
@Chris Yup, I understand how capabilities work. I'm actively working on getting fscaps functioning with Debian/Ubuntu packaging (see https://wiki.ubuntu.com/Security/FilesystemCapabilties). (You seemed to miss me changing "ep" to "ei" in the wiki -- I've added the old instructions back and clarified the procedure.) Just because qemu claims to only work on tun/tap devices doesn't mean it can't be subverted into working on arbitrary network devices. In a perfect world, upstream qemu will create a helper tool that is uses fscaps, etc, and correctly manages the tun/tap devices before launching qemu itself. That reduces the exposure of CAP_NET_ADMIN and makes for a more auditable chunk of code. I'll leave it up to the qemu maintainer in Ubuntu how to handle these things, but I just wanted to confirm that arbitrarily giving everyone CAP_NET_ADMIN (or being setuid root) via qemu was not preferred. If it's done via file permissions and a qemu-runners group, plus fscaps =ep, or done via fscaps =ei and select users are given =i via pam_cap, I don't much care. :) Regardless, fscaps are not supported in Debian/Ubuntu packaging (which I very much want to fix), so this is all a non-issue until that is solved. In the meantime, I feel it is my responsibility to provide as safe a set of instructions that accomplishes the goal of accessing the tun/tap devices. -- qemu no tun/tap networking https://bugs.launchpad.net/bugs/103010 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 540596] [NEW] NX memory not simulated for ARMv7 and above CPUs
Public bug reported: Binary package hint: qemu-kvm The ARM emulation in qemu does not appear to correctly simulate non- executable memory for the CPUs that support it (ARMv7, maybe v6, and above). ** Affects: qemu-kvm (Ubuntu) Importance: Undecided Status: New -- NX memory not simulated for ARMv7 and above CPUs https://bugs.launchpad.net/bugs/540596 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 292971] Re: nscd leaking memory using libnss-ldap
** Also affects: libnss-ldap (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: libnss-ldap (Ubuntu Intrepid) Importance: Undecided Status: New ** Also affects: libnss-ldap (Ubuntu Jaunty) Importance: Undecided Status: New ** Also affects: libnss-ldap (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: libnss-ldap (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: libnss-ldap (Ubuntu Lucid) Milestone: None => ubuntu-10.04-beta-2 ** Changed in: libnss-ldap (Ubuntu Lucid) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu Lucid) Importance: Undecided => High ** Changed in: libnss-ldap (Ubuntu Hardy) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu Hardy) Importance: Undecided => High ** Changed in: libnss-ldap (Ubuntu Intrepid) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu Intrepid) Importance: Undecided => High ** Changed in: libnss-ldap (Ubuntu Jaunty) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu Jaunty) Importance: Undecided => High ** Changed in: libnss-ldap (Ubuntu Karmic) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu Karmic) Importance: Undecided => High -- nscd leaking memory using libnss-ldap https://bugs.launchpad.net/bugs/292971 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 461829] Re: Disallowed command //usr/share/eucalyptus/populate_arp.pl
+1, sorry I missed this bug for so long. ** Changed in: eucalyptus (Ubuntu Lucid) Assignee: Dustin Kirkland (kirkland) => (unassigned) -- Disallowed command //usr/share/eucalyptus/populate_arp.pl https://bugs.launchpad.net/bugs/461829 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
It would help to understand if the problem is with eglibc, sudo, or libnss-ldap. ** Package changed: glibc (Ubuntu) => eglibc (Ubuntu) ** Also affects: libnss-ldap (Ubuntu) Importance: Undecided Status: New ** Also affects: eglibc (Ubuntu Lucid) Importance: Undecided Status: Confirmed ** Also affects: libnss-ldap (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: eglibc (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: libnss-ldap (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: eglibc (Ubuntu Karmic) Status: New => Invalid ** Changed in: eglibc (Ubuntu Lucid) Status: Confirmed => Invalid ** Changed in: eglibc (Ubuntu Karmic) Status: Invalid => New ** Package changed: eglibc (Ubuntu Karmic) => sudo (Ubuntu Karmic) ** Changed in: sudo (Ubuntu Lucid) Status: Invalid => New ** Also affects: eglibc (Ubuntu) Importance: Undecided Status: New -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 556167] [NEW] vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted)
Public bug reported: parted uses a fixed sector count of "32" when writing partitions to a non-block device. (See init_file() via linux_new() in libparted/arch/linux.c) As a result, the track size of disks created with vmbuilder is 32 sectors, not the generally expected 63 sectors (used with LBA mode). This means that the "embedding region" between the end of the MBR and the start of partition 1 is half the "normal" size, and grub2 will not install. /usr/sbin/grub-setup: warn: Your embedding area is unusually small. core.img won't fit in it.. Fastest solution I see is to use an environment override as already done in init_file() for sector size. Perhaps PARTED_SECTORS? And then set this to 63 when calling parted from vm-builder. ** Affects: vm-builder (Ubuntu) Importance: Undecided Status: New -- vmbuilder uses parted to create disk images, which leads to broken sector counts (cannot use grub2 on disk images created by vmbuilder/parted) https://bugs.launchpad.net/bugs/556167 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
