THis was pocket copied to jammy-security on 2024-10-30 after
verification that the dependencies were satisfiable for people without
jammy-updates enabled: https://launchpad.net/ubuntu/+source/ubuntu-
drivers-common/1:0.9.6.2~0.22.04.8
Thanks!
--
You received this bug notification because you are
Hey @alvar54, sorry you're having issues. Can you describe what behavior
you are expecting versus what's happening on your system?
There are a number of apparmor rejections in the logs (that the bug
reporting collected), but if the system itself is freezing, it you be
useful to see if there are ad
Closing out status on this issue, see also
https://ubuntu.com/security/CVE-2022-23041 for the specific unfixed CVE.
** Changed in: linux-aws (Ubuntu)
Status: New => Fix Released
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-azure-4.15 (Ubuntu)
Ack, thanks, blocking future possible syncs is a good idea.
Merge proposal here: https://code.launchpad.net/~sbeattie/+git/sync-
blocklist/+merge/472598
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2
Actual fixed versions for this issue are still sitting in focal-proposed
and jammy-proposed. However, we did a no-change rebuild ofthe current
versions in the respective updates pockets to the security pocket, so
that the version in proposed could be published first in the updates
pocket, but leavi
Public bug reported:
The imagemagick security update
jammy/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 made changes that cause ruby-
rmagick's build to fail during it's build tests in the following
testcase:
Failures:
1) Magick::D
Public bug reported:
Python 3.12 got more strict about quoting in strings that often impacts
regular expressions, and pyflakes on the apparmor apport hooks reports:
$ pyflakes3 debian/apport/source_apparmor.py
debian/apport/source_apparmor.py:61: SyntaxWarning: invalid escape sequence
'\('
** Tags added: sec-4736
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+
** Tags added: sec-4733
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2071717
Title:
[MIR] linuxptp
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linuxptp/
** Tags added: sec-4617
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066262
Title:
[MIR] libdex
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdex/+bug
Public bug reported:
The cryptojs library has been deprecated by upstream
https://github.com/brix/crypto-js?tab=readme-ov-file#discontinued and
recommends the native javascript Crypt library.
It has no reverse dependencies:
$ reverse-depends src:cryptojs
No reverse dependencies found
$ reverse-d
** Also affects: xorg-server (Ubuntu Noble)
Importance: High
Status: Triaged
** Also affects: xwayland (Ubuntu Noble)
Importance: High
Status: Triaged
** Also affects: xorg-server (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: xwayland (Ubuntu Jam
I have prepared test packages for ubuntu 22.04 LTS/jammy in the
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages PPA for both xorg-server:
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+sourcepub/15921802/+listing-archive-extra
and for xwayla
The reproducer https://bugs.freedesktop.org/attachment.cgi?id=28621 from
the original 2009 bug report
https://bugs.freedesktop.org/show_bug.cgi?id=23286 does seem to work at
triggering this issue, at least under Xwalyand.
** Bug watch added: freedesktop.org Bugzilla #23286
https://bugs.freedesk
Are people seeing this issue with any other Ubuntu releases, which also
received updates addressing CVE-2024-31083, or is this strictly
affecting the version in 22.04/jammy?
It looks like
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476 has a
proposed fix, in
https://gitlab.freede
** Description changed:
+ SRU Team; the packages for focal-proposed and jammy-proposed are
+ intended as security updates prepared by the Ubuntu Security team (and
+ have built in a ppa with only the security pockets enabled). However,
+ because the fix makes mount rules in apparmor policy be trea
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status:
** Tags added: sec-1058
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1975523
Title:
[MIR] Promote to main in Jammy and Kinetic
To manage notifications about this bug go to:
https://bugs.launchpad.
** Tags added: sec-1057
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1963707
Title:
[MIR] libqrtr-glib
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libqr
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30594
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972740
Title:
Unprivileged users may use PTRACE_SEIZE to set
PTRACE_O_SUSPEND
** Tags added: sec-994
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972043
Title:
Please add -ftrivial-auto-var-init=zero to default build flags
To manage notifications about this bug go to:
http
** Tags added: sec-407
** Tags added: sec-408 sec-409
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892559
Title:
[MIR] ccid opensc pcsc-lite
To manage notifications about this bug go to:
https:/
** Tags added: sec-976
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965115
Title:
[MIR] nullboot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+
** Also affects: cron (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: cron (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: cron (Ubuntu Xenial)
Status: New => Triaged
** Changed in: cron (Ubuntu Bionic)
Status: New => Triaged
** Changed in: linux-aws (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1949186
Title:
Missing Linux Kernel mitigations for 'SSB - Speculative Store
Hi, is this still on the kernel team's radar to address in trusty and in
the various linux-azure kernels?
Thanks!
** Changed in: linux-oem-5.14 (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-oem-5.13 (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-oem-5.10
Thanks, making this public.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951927
Title:
Array overflow in au_procfs_plm_write
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961528
Title:
Security: Arbitrary shell command injection through PDF import or
Given that this issue is public in the freedesktop gitlab instance, I'm
making this issue public here as well.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:
Hi Bartłomiej, was this issue reported to mozilla? Do you have a bug
report there?
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1961854
Title:
Thunderbid saves accepted calendar ev
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Jeremy, is there any progress on this?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1971415
Title:
Remote desktop is automatically enabled after login
To manage notifications about this bu
** Package changed: ubuntu => gnome-shell (Ubuntu)
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972812
Title:
The operating sy
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1214787
Title:
busybox crashed with signal 7
To manage notifications about this bug go to:
https://b
Public bug reported:
Upstream bug report: https://github.com/go-macaroon-bakery/py-macaroon-
bakery/issues/88
See above for details, but the essential bug is that doing something
like the following:
client = httpbakery.Client(cookies=MozillaCookieJar(".cooklefile"))
if os.path.exists(cl
Hi, yes, from the Ubuntu Security team's perspective, this should go to
the security pocket.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1969619
Title:
RDP Sharing appears on by default in jammy
** Tags added: sec-753
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926321
Title:
[MIR] telegraf
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/telegraf/+
** Tags added: sec-754
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1956617
Title:
[MIR] protobuf-c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/protobuf
** Tags added: sec-751
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746629
Title:
[MIR] libbluray
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libbluray
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1808537
Title:
[bionic] ffmpeg update to 3.4.5
To manage notifications about this
This was fixed in Jammy (Ubuntu 22.04 LTS pre-release) in phpliteadmin
1.9.8.2-2, closing that task.
** Changed in: phpliteadmin (Ubuntu Jammy)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
All work for this report has been completed, I believe the linux and
linux-meta tasks can be closed out as well.
** Changed in: linux (Ubuntu)
Status: Triaged => Fix Released
** Changed in: linux-meta (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification b
Hi Ammar, apologies for the delayed followup, what is the version of the
kernel that you are seeing this with? I.E. what is the output of running
the command 'cat /proc/version_signature' where this is showing up?
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0135
** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0175
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950940
This was fixed in https://ubuntu.com/security/notices/USN-5309-1 for
focal and newer; it is unfixed in bionic where virglrenderer is
community maintained.
(Edited to fix USN URL.)
** Also affects: virglrenderer (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: virglrend
This was fixed in https://ubuntu.com/security/notices/USN-5309-1 for
focal and newer; it is unfixed in bionic where virglrenderer is
community maintained.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0175
** Also affects: virglrenderer (Ubuntu Focal)
Importance: Undecided
Issue 251 is not open upstream, but it looks like this was addressed in
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/2aed5d419722a0d9fbd17be9c7a1147e22b681de
along with a couple of other security fixes in
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
. It do
This has been fixed in all affected Ubuntu kernels, closing.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0322
** Information type changed from Private Security to Public Security
** Changed in: linux (Ubuntu)
Status: New => Fix Released
--
You received this bug not
This was fixed in affected kernels in
https://ubuntu.com/security/notices/USN-5317-1 and
https://ubuntu.com/security/notices/USN-5362-1
** Package changed: ubuntu => linux (Ubuntu)
** Changed in: linux (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
This is fixed in jammy (Ubuntu 22.04 LTS pre-release) but not in focal
or bionic.
** Also affects: lapack (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: lapack (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: lapack (Ubuntu Focal)
Impo
** Changed in: lapack (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968043
Title:
Open CVE-2021-4048 with critical severity
To manage notifications about t
As an aside, the wireguard-dkms package is not necessary to install
(unless one is running an older non Ubuntu kernel that does not have the
wireguard module available) as the wireguard kernel module has been
enabled and backported to all Ubuntu kernels going back to the 4.4
kernel in Ubuntu 16.04
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
I reviewed glusterfs 10.1-1 as checked into jammy. This
shouldn't be considered a full audit but rather a quick gauge
of maintainability.
GlusterFS is a clustered network file-system.
- CVE History: 27 CVEs, though the most recent are from
2018. Issue resolution looks okay. One or two of the la
On Mon, Apr 04, 2022 at 09:31:39AM -, Simon Chopin wrote:
> We also have a provisional ACK from the security team (I'll keep working
> on surfacing the vendored deps data in a better way than Cargo.lock!).
>
> The seed changes are in a MP at
> https://code.launchpad.net/~schopin/ubuntu-seeds/+
This issue was addressed in Ubuntu in
https://ubuntu.com/security/notices/USN-5310-1 and
https://ubuntu.com/security/notices/USN-5310-2 and the under development
jammy/Ubuntu 22.04 LTS already has glibc 2.35 incorporated.
Please also note that Ubuntu has been building with stack-protector
enabled
python distutils deprecation has been filed as a bug upstream at
https://bugzilla.netfilter.org/show_bug.cgi?id=1594
For the security review, while I did do some review while preparing the
MIR request, I supsect it is preferable for the submitter to not also be
the one to do the security review. A
Yes, that's correct, both commits are needed. The debdiff/merge request
look good to me, please go ahead and upload them to jammy so we can have
proper symbol versioning on the ibrary itself there. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is sub
(If this were a build time testsuite, our log comparison process would
pick up changes. We could *maybe* do something akin to how we try to
detect new failing tests in openjdk in qrt's notes_testing/openjdk/
where we maybe compare our current adt runs of nftables against a prior
run, and look for d
So this looks okay, there are unfortunately a bunch of errors in the
tests with v1.0.2 against a 5.15 kernel because the 'egress' hook
support was only added in 5.16
(https://git.kernel.org/linus/42df6e1d221dddc0f2acf2be37e68d553ad65f96).
This results in the following output in a jammy VM:
96 te
For the required todos:
1) yes, the Ubuntu Security team is willing to maintain the embedded
code copies.
2) debian symbols tracking:
https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1965464
For the recommended todos, we will try to make progress on those.
Thanks!
--
You received this
Submitted patch to Debian: https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=1007888
** Bug watch added: Debian Bug tracker #1007888
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007888
** Also affects: nftables (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007888
Debdiff to fix in ubuntu attached
** Patch added: "nftables_1.0.2-1ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1965464/+attachment/5570243/+files/nftables_1.0.2-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
I attemped to fix it with the following patch:
Index: b/src/Makefile.am
===
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \
libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS}
One concern with this is that the upstream symbol versioning is broken;
generating the debian symbols file looks like so:
libnftables.so.1 libnftables1 #MINVER#
nft_ctx_add_include_path@Base 0.9.2
nft_ctx_add_var@Base 1.0.0
nft_ctx_buffer_error@Base 0.9.2
nft_ctx_buffer_output@Base 0.9.2
nft_
Public bug reported:
As part of the MIR for nftables, the addition of symbols tracking in the
debian packaging for nftables is a requirement.
** Affects: nftables (Ubuntu)
Importance: High
Assignee: Steve Beattie (sbeattie)
Status: Confirmed
** Changed in: nftables (Ubuntu
On Tue, Mar 15, 2022 at 05:14:00PM -, Simon Chopin wrote:
> Before even starting to address the various points further, I must ask
> whether they're showstopper for the *rustc* MIR.
> I ask because some of the concerns raised here are irrelevant for rustc
> itself. For instance, the X-Cargo-Bu
On Fri, Mar 11, 2022 at 10:17:47AM -, Simon Chopin wrote:
> @sbeattie there's some context on those various fields in
> https://github.com/cpaelzer/ubuntu-mir/pull/3
Thanks for this.
> Basically X-Cargo-Built-Using should be folded into Built-Using.
I agree with this, but is there a plan to
> 'Built-Using' vs 'X-Cargo-Built-Using' dh-cargo behavior
So there is no plan to change this in dh-cargo? The tool the security
team has that queries Built-Using can be modified to use the alternate
field, if necessary, but we need to know if that's what we need to do.
Are the tools that help wit
I reviewed plocate 1.1.15-1ubuntu2 as checked into jammy. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
plocate is a locate implementation based on posting lists and io_uring,
intended as a drop-in replacement for mlocate.
- No CVE History.
- Build-Depend
I'm working on the Security review of GlusterFS, which I have not quite
completed, but to offer a comment on fusermount-glusterfs binary, the
Security team would strongly prefer to not have another setuid binary
for this; the original setuid fusermount has had its own security
history and we would
** Changed in: glusterfs (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Steve Beattie
(sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
I reviewed rustc 1.57.0+dfsg1+llvm-0ubuntu2 as checked into jammy
(but also peeked briefly at 1.58.1+dfsg1~ubuntu1-0ubuntu1~ppa5
in Simon's ppa). This shouldn't be considered a full audit but
rather a quick gauge of maintainability, and this is a bit more
streamlined review than normal due to the n
Andreas wrote:
> If you happen to have a kernel installed that has the virtual provides
> for wireguard-modules, then dkms won't be pulled in.
Oh nice, I missed that, thanks for pointing it out. That definitely
covers my complaint there.
--
You received this bug notification because you are a me
One other non-security opinionated comment: having the wireguard meta
package pull in the dkms package will likely cause people to install
them unnecessarily. While many people will read the documentation first
and realize they only need to install wireguard-tools, it's likely
others will hear that
I reviewed wireguard 1.0.20210914-1ubuntu2 as checked into jammy.
This shouldn't be considered a full audit but rather a quick
gauge of maintainability.
wireguard is the user space component of the WireGuard VPN, an
in-kernel vpn. The tools provided are for querying and configuring
the state of th
I reviewed libyang2 2.0.112-6ubuntu2 as checked into jammy.
This shouldn't be considered a full audit but rather a quick gauge
of maintainability. The libyang2 source package is a rename of the
libyang based on the upstream 2.0 version which included a new parser;
the libyang source package has not
** Changed in: nftables (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => (unassigned)
** Changed in: nftables (Ubuntu)
Status: Confirmed => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
** Description changed:
-
[Availability]
* The package is already in universe and has been supported
by Ubuntu kernels since at least Ubuntu 18.04 LTS. It
builds and is supported on all Ubuntu architectures.
[Rationale]
* nftables is the future CLI and backend for firewalling
** Description changed:
[Availability]
- * The package is already in universe and has been supported by Ubuntu
- kernels since at least Ubuntu 18.04 LTS. It builds and is supported
- on all Ubuntu architectures.
+ * The package is already in universe and has been supported
+ by Ubuntu kern
** Description changed:
+
[Availability]
- * The package is present in universe and is built for all architectures.
+ * The package is already in universe and has been supported by Ubuntu
+ kernels since at least Ubuntu 18.04 LTS. It builds and is supported
+ on all Ubuntu architectures.
Also, given that nftables is configuring netfilter in the kernel, it
would probably be helpful to identify which kernel version you saw this
with.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
Hi Elrik,
Thanks for reporting your issue to Ubuntu, and apologies for the delayed
response. Can you say explicitly what behavior you're expecting to have
work that does not? I.E. are ssh connections to the host unsuccessful or
are other outbound operations failing?
Some useful diagnostics to see
Hi,
Thanks for reporting this issue. If the behavior fails due to a kernel
update, it's unlikely to be a problem in the user space nftables tool.
Looking for suspicious commits between 5.4.0-84.94 and 5.4.0-90.101,
https://git.launchpad.net/~ubuntu-
kernel/ubuntu/+source/linux/+git/focal/commit/?
Hey Kunal, thanks again for preparing these debdiffs. After reviewing
them, I've gone ahead and uploaded the packages to the ubuntu-security-
proposed ppa at https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages to build and run through
autopkgtests; any feedback or additio
Hi Kunal,
Thanks for preparing these updates, I'm looking at them now. Apologies
that they didn't get picked up earlier.
** Changed in: mediawiki (Ubuntu Bionic)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: mediawiki (Ubuntu Focal)
Assignee: (unassig
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1951837
Title:
new kernel 5.4.0-90-generic contain error with snat in vrf
T
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958089
Title:
Acer laptop screen goes black after a few hours of work
To manage notificatio
This was assigned CVE-2021-4204.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4204
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1956585
Title:
OOB write on BPF_RINGBUF
To man
** Description changed:
tr3e wang discovered that an OOB write existed in the eBPF subsystem in
the Linux kernel on BPF_RINGBUF.
Mitigation commit: https://git.launchpad.net/~ubuntu-
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83
Mitiga
** Description changed:
tr3e wang discovered that an OOB write existed in the eBPF subsystem in
the Linux kernel on BPF_RINGBUF.
Mitigation commit: https://git.launchpad.net/~ubuntu-
kernel/ubuntu/+source/linux/+git/impish/commit/?id=53fb7741ff9d546174dbb585957b4f8b6afbdb83
+
+ Mitiga
** Information type changed from Private Security to Public Security
** Description changed:
- Placeholder bug.
+ tr3e wang discovered that an OOB write existed in the eBPF subsystem in
+ the Linux kernel on BPF_RINGBUF.
+
+ Mitigation commit: https://git.launchpad.net/~ubuntu-
+
kernel/ubuntu/
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1916767
Title:
firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910
To mana
Okay from the Ubuntu Security team for these tzdata updates to land in
security pockets. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1948698
Title:
Update tzdata to version 2021e
To manag
This was fixed for xenial/esm with tzdata 2021a-2ubuntu0.16.04+esm1 and
for trusty/esm with tzdata 2021a-2ubuntu0.14.04+esm1. Thanks Brian, for
preparing these updates!
** Changed in: tzdata (Ubuntu Xenial)
Status: New => Fix Released
** Also affects: tzdata (Ubuntu Trusty)
Importance:
I am not aware of a security impact from this issue, so if it is to be
addressed in xenial ESM, it would eed to go through a support request.
closing the xenial tasks as Won't Fix.
** Changed in: python2.7 (Ubuntu Xenial)
Status: New => Won't Fix
** Changed in: python3.5 (Ubuntu Xenial)
For python2.7, this was fixed in
https://github.com/python/cpython/commit/a5c9112300ecd492ed6cc9759dc8028766401f61
which landed in 2.7.15, so has been fixed in bionic-updates and newer.
** Changed in: python2.7 (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: python2.7 (Ubuntu)
In actuality, the bug describing the autopkgtest failure for docker.io
in xenial is bug 1855481. The fix for this in xenial was incorporated
into the docker.io 18.09.7-0ubuntu1~16.04.9+esm1 ESM update.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscri
1 - 100 of 11310 matches
Mail list logo
