Public bug reported:
I have configured apt-src access to the private ESM PPAs via entries in
/etc/apt/sources.list.d/ubuntu-security.list as follows:
deb-src https://private-ppa.launchpad.net/ubuntu-esm/esm-infra-
security/ubuntu trusty main
and then added credentials as follows to /etc/apt/auth
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1898547
Title:
neutron-linuxbridge-agent fails to start with iptables 1.8.5
Status in
jdstrand sponsored this to groovy-proposed and autopkgtests have all
passed - ~ubuntu-sru - could you please review?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1898547
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
@rokclimb15 - are you still looking at producing debdiff's for focal +
groovy as well?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in n
Excellent - thank you :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in Ubuntu:
Confirmed
Status in ntp source package
Yep I'll take this @Christian
** Changed in: iptables (Ubuntu Groovy)
Assignee: (unassigned) => Alex Murray (alexmurray)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launc
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1862348
Title:
Apport lock file root privilege escalatio
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1862933
Title:
Apport crash report & cron script TOCTTOU
Has this been reported to the upstream libgsm developers?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libgsm in Ubuntu.
https://bugs.launchpad.net/bugs/1860414
Title:
ZDI-CAN-9867: Canonical libgsm AssertFailure
Status
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl
When generating the list of systems calls for aarch64, libseccomp uses
the generic kernel API headers rather than the architecture specific
ones - and so misses the definitions of getrlimit, setrlimit and clone3
for aarch64 - if this is changed to use arch-specific headers then we
can regenerate th
See attached for a debdiff to fix this in groovy - this backports the PR
mentioned above to add these missing syscalls for aarch64.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.n
** Patch added: "libseccomp_2.4.3-1ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1877633/+attachment/5370131/+files/libseccomp_2.4.3-1ubuntu2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribe
Tested on an up-to-date groovy install:
amurray@sec-groovy-amd64:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu Groovy Gorilla (development branch)
Release:20.10
Codename: groovy
amurray@sec-groovy-amd64:~$ dpkg -l seccomp
Desired=Unknow
@jdstrand would you be willing to sponsor that for me to groovy and then
I'll update this bug for SRU of this back to focal (and will add this
change also for the existing libseccomp SRU for eoan/bionic/xenial in LP
#1876055)
--
You received this bug notification because you are a member of Ubunt
For the issue of not being able to save files to / from external drives,
you need to manually connect the removable-media interface for the
audacity snap - so either in Ubuntu Software search again for audacity
and then via the 'Permissions' button ensure the 'Read/write files on
removable storage
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1878177
Title:
CVE-2020-3810 out-of-bound stack reads in ar
** Summary changed:
- SRU: Backport 2.4.3-1ubuntu1 from focal to eoan/bionic/xenial for newer
syscalls for core20 base
+ SRU: Backport 2.4.3-1ubuntu2 from groovy to focal/eoan/bionic/xenial for
newer syscalls for core20 base
--
You received this bug notification because you are a member of Ubu
** Patch added: "eoan"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374694/+files/libseccomp_2.4.3-1ubuntu3.19.10.1.debdiff
** Patch removed: "Update for groovy solely to add the test suite change to be
in-line with older releases"
https://bugs.launchpad.
** Patch added: "bionic"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374695/+files/libseccomp_2.4.3-1ubuntu3.18.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in
** Description changed:
- Placeholder to start preparing SRU for
- https://github.com/snapcore/core20/issues/48
+ [Impact]
+
+ snap-confine from snapd uses libseccomp to filter various system calls
+ for confinement. The current version in eoan/bionic/xenial (2.4.1) is
+ missing knowledge of vari
** Patch added: "focal"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374693/+files/libseccomp_2.4.3-1ubuntu3.20.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in U
** Patch added: "xenial"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374696/+files/libseccomp_2.4.3-1ubuntu3.16.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in
** Patch removed: "focal"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374693/+files/libseccomp_2.4.3-1ubuntu3.20.04.1.debdiff
** Patch removed: "eoan"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374694/+files/libseccomp_
** Patch added: "groovy"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374698/+files/libseccomp_2.4.3-1ubuntu3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
** Patch added: "libseccomp_2.4.3-1ubuntu3.20.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5374699/+files/libseccomp_2.4.3-1ubuntu3.20.04.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, wh
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
This doesn't seem like a security issue to me - I believe this is the
default behaviour when using network manager for tethering - it will
route traffic via the tethered device. I am reassigning this against
network-manager which is likely doing the route setup.
** Information type changed from Pr
One more thing - I expect your phone has USB Tethering enabled - and so
presents itself as an rndis USB/ethernet device - and then network
manager uses this as a preferred interface to route traffic through
rather than the wireless interface.
--
You received this bug notification because you are
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
** Description changed:
[Impact]
- snap-confine from snapd uses libseccomp to filter various system calls
- for confinement. The current version in eoan/bionic/xenial (2.4.1) is
- missing knowledge of various system calls for various architectures. As
- such this causes strange issues like py
** Also affects: libseccomp (Ubuntu Groovy)
Importance: Medium
Status: New
** Also affects: libseccomp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu B
** Summary changed:
- SRU: Backport 2.4.3-1ubuntu2 from groovy to focal/eoan/bionic/xenial for
newer syscalls for core20 base
+ SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for
newer syscalls for core20 base and test suite robustness
--
You received this bug notificatio
Can you try adding the following to
/etc/apparmor.d/local/usr.sbin.dhcpd:
network packet dgram,
And then running
sudo apparmor_parser -rT /etc/apparmor.d/usr.sbin.dhcpd
And see if restart dhcpd then works?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Public bug reported:
If a crash report is triggered automatically (say from a program crash
etc) then the Apport UI pops up asking whether to report this - if I
choose to proceed, after about 30 seconds gedit pops up with a HTML
document showing 'OpenID transaction in progress' - which is the
logi
Relevant parts from journalctl:
Feb 11 13:03:53 slate systemd[6652]: Starting Notification regarding a crash
report...
Feb 11 13:03:53 slate update-notifier-crash[260823]: /usr/bin/whoopsie
Feb 11 13:03:54 slate update-notifier-crash[260837]: /var/crash/libdleyna-core-1
Feb 11 13:04:19 slate syst
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1706770
Title:
Lock screen can be bypassed when auto-lo
gnome-shell is responsible for the lock screen so reassigning to that
** Package changed: shadow (Ubuntu) => gnome-shell (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bu
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Public bug reported:
Placeholder to start preparing SRU for
https://github.com/snapcore/core20/issues/48
** Affects: libseccomp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subsc
Public bug reported:
After updating my VMWare Player install of Ubuntu 14.04 amd64 to linux-
image-3.19.0-51-generic it fails to boot - plymouth appears to hang
during boot and so it never reaches the GDM login screen - also seems I
am not alone:
http://askubuntu.com/questions/738083/ubuntu-14-04
This is not an issue in apparmor itself, so I am closing this bug as
invalid since it is an issue in the konsole snap in the snap store.
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
It looks like you are using the snap version of konsole - which seems to
have strict confinement in place so its not surprising you are seeing
such issues.
I see there is a version with classic confinement in the candidate
channel - can you please try the following and see if it fixes the
issue:
The risk of immediate regression is low since this is only used for new
user accounts - but since the change is to a conffile there is always a
bit more risk due to interactions with dpkg etc. But that would be a
discussion to have with the SRU team.
--
You received this bug notification because
I typod the magic LP bug reference in the changelog but this was upload
to oracular earlier and just moved into -proposed:
apparmor (4.1.0~beta1-0ubuntu3) oracular; urgency=medium
* Add patch from upstream to fix unintentional ABI break (LP :#2083435)
- d/p/u/fix-abi-break-record-for-aa-log-r
@pponnuvel - I am in the middle of uploading this for plucky :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mkhomedir does not honor private home directo
Thanks for the detailed analysis @pponnuvel - I have reverted this now
for pam in plucky in 1.5.3-7ubuntu4
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1957024
Title:
pam-mk
In a fresh noble LXD VM I can reproduce this:
apt install mysql-server apparmor
ubuntu-bug mysql-server
Then View the report and it has:
== KernLog =
apparmor
AppArmor
AppArmor
audit(
AppArmor
AppArmor
AppArmor
AppArmor
security
selinux
security
security
security
However if I just run the code from the apparmor apport hook on that
system then it doesn't reproduce:
root@sec-noble-amd64:/usr/share/apport/package-hooks# python3
Python 3.12.3 (main, Sep 11 2024, 14:17:37) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more informati
I think perhaps the best way forward here would be for Canonical to
assign a CVE for this issue if it looks like a real vulnerability and
then we can proceed with a fix. I will enquire internally.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, whic
Thanks Bryce - no worries - but just wondering if you tested the patch?
Since when I was investigating this I noticed the following in the API
documentation for re.findall():
The result depends on the number of capturing groups in the pattern. If
there are no groups, return a list of strings match
Oooh nice use of non-capturing group - LGTM!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2090887
Title:
apport hookutils.py only captures first word per line for KernLog
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
** Changed in: openntpd (Ubuntu)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1727202
Title:
[17.10 regression] AppArmor ntp denial: F
And if we add the same snippet to source_apparmor.py so we can run it
directly then we also don't reproduce this:
root@sec-noble-amd64:/usr/share/apport/package-hooks# tail
source_apparmor.py -n6
if __name__ == '__main__':
report = {}
add_info(report, None)
for key in report:
This is seen in errors.ubuntu.com:
https://errors.ubuntu.com/problem/221009027abdbea786d6cc51847568a98d8c1f7d
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2096327
Title:
Fix uploaded in
https://launchpad.net/ubuntu/+source/apparmor/4.1.0~beta5-0ubuntu10
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103663
Title:
set -x in apparmor.posti
Thanks for the heads up @ahasenack - I will prepare a fix and upload it
shortly.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103663
Title:
set -x in apparmor.postinst
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Ah thank for noticing that John, it entirely slipped by me - so in that
case I don't think this is the appropriate fix - the AppArmor team has
worked hard to remove the busybox and other similar profiles that
allowed this bypass so I don't think we should do the same for os-
prober. Instead, since
301 - 361 of 361 matches
Mail list logo
