This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.7
---
ntp (1:4.2.6.p3+dfsg-1ubuntu3.7) precise; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6
---
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in nt
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu6.3
---
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c (
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dr
** Tags removed: verification-done
** Tags added: verification-done-trusty verification-needed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in rou
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dr
I've been using the -proposed package on 15 Trusty machines since it was
published. Again, I never was able to reproduce the original problem but
I saw no regression either.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report
Hello Eric, or anyone else affected,
Accepted ntp into vivid-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu6.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
Hello Eric, or anyone else affected,
Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
sponsored to precise/trusty/vivid (though i'm unsure vivid is useful
since it's not the current stable)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-fr
** Tags added: sts
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To manage notifications about this bug
Here is the rebase debdiff for Vivid
** Patch added: "Rebase Vivid debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508498/+files/lp1481388_rebase_vivid.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which i
Here is the rebase debdiff for Trusty
** Patch added: "Rebase Trusty debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508494/+files/lp1481388_rebase_trusty.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, whic
Here is the rebase debdiff for Precise
** Patch added: "Rebase Precise debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508496/+files/lp1481388_rebase_precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, w
** Patch removed: "debdiff for precise"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff
** Patch removed: "debdiff for trusty"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4453392/+files/l
Hi Mathew,
I have the knowledge of the code, I will rebase the debdiffs for V/T/P
Note: I checked and Xenial has the patch already.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/148138
I think it is probably necessary to rebase the debdiffs on the new
versions in case there are any confilcts. There were a lot of changes as
you can see here http://www.ubuntu.com/usn/usn-2783-1/ .
I don't have direct knowledge of the code though.
--
You received this bug notification because you
Good evening Mathew,
Does it mean I need to re-do the debdiffs ?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after droppi
This SRU has been shadowed by a security update and needs to be re-
merged.
** Changed in: ntp (Ubuntu Precise)
Status: Fix Committed => In Progress
** Changed in: ntp (Ubuntu Trusty)
Status: Fix Committed => In Progress
** Changed in: ntp (Ubuntu Vivid)
Status: Fix Committe
Good evening Chris,
This bug has been brought to my attention by someone in the community.
Unfortunately, I never had a confirmation from him if the fix solve his
issue or not... but as state in comment #5 & #11, I've been able to
reproduce the problem and make sure it addressed the situation.
Th
Has anyone who was able to reproduce the original crash tested the
packages from trusty-proposed (or precise or vivid) to check that the
crash is actually fixed?
It's good that it doesn't seem to regress anything, but we also want to
know whether it *fixes* anything :)
--
You received this bug n
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dr
Eric, I've been running the proposed version on many systems and haven't
found any regression. Do you think this would be ready to move on to
-updates now?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.lau
Eric, I don't know if that's a good test case but on my patched Trusty
box:
root@xeon:~# uname -a
Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
root@xeon:~# sysctl net.core.wmem_max=4650
net.core.wmem_max = 4700
root@xeon:~# sys
Simon, you may want to add a few ethernet interfaces and static routes.
I was able to reproduce it with ~6 network interface.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Tit
Err, I meant I couldn't reproduce the issue with and without the patch.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and
Trusty's *unpatched* version to no avail. On the up side, I couldn't
find any regression with the update version.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to t
** Changed in: ntp (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropp
** Branch linked: lp:ubuntu/vivid-proposed/ntp
** Branch linked: lp:ubuntu/precise-proposed/ntp
** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/ntp/trusty-proposed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
ht
Hello Eric, or anyone else affected,
Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.4 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Launchpad has imported 8 comments from the remote bug at
http://bugs.ntp.org/show_bug.cgi?id=2224.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad
** Branch linked: lp:ubuntu/ntp
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To manage notifications a
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu7
---
ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium
* Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/use-after-free-in-routing-socket.patch
fix logic in ntpd/ntp_io.c
* Fix to
ACK on the debdiffs, thanks!
I've slightly modified the whitespace in the changelog and have added
the bug number, and have uploaded it to wily, and to the other releases
for processing by the SRU team.
** Tags removed: verification-done
** Changed in: ntp (Ubuntu Wily)
Status: In Progre
** Bug watch added: Debian Bug tracker #795315
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
** Also affects: ntp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
Importance: Unknown
Status: Unknown
** Bug watch added: bugs.ntp.org/ #2224
http://bu
** Changed in: ntp (Ubuntu Wily)
Importance: Low => Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping r
debdiff for wily
** Patch added: "debdiff for wily"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456187/+files/lp1481388_wily.debdiff
** Changed in: ntp (Ubuntu Wily)
Status: Confirmed => In Progress
--
You received this bug notification because you a
debdiff for vivid
** Patch added: "debdiff for vivid"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug repor
** Patch removed: "debdiff for Vivid"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.l
debdiff for Vivid
** Patch added: "debdiff for Vivid"
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
** Changed in: ntp (Ubuntu Vivid)
Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu Vivid)
Importanc
debdiff for trusty
** Patch added: "1:4.2.6.p5+dfsg-3ubuntu2.14.04.4"
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff
** Changed in: ntp (Ubuntu Trusty)
Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu T
I also noticed the situation can be reproduced at boot if the value of
"net.core.rmem_default" is too low.
I reproduced it by only lowering the "net.core.rmem_default = 2000"
value with 6 network interface at boot.
ntpd[851]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
nt
The attachment "debdiff for precise" seems to be a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and i
debdiff for precise
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To manage notifications about this bu
debdiff for precise
** Description changed:
+ [Impact]
+
+ * User experienced repeated segfaults at the same instruction pointer
+
+ i/o error on routing socket No buffer space available - disabling
+ segfault at 31 ip 0031 sp 79f11788 error 14 in
libpthread-2.15.so[7f967
debdiff for precise
** Patch added: "debdiff for precise"
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug repor
debdiff for precise
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To manage notifications about this bu
** Changed in: ntp (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: ntp (Ubuntu Vivid)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/14
** Changed in: ntp (Ubuntu Precise)
Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Vivid)
Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Precise)
Status: New => Confirmed
--
You received this bu
** Also affects: ntp (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: ntp (Ubuntu Precise)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bu
I was able to reproduce the problem on PRECISE (12.04) by lowering the
kernel parameter value "net.core.rmem_max".
And then test my .deb build on my PPA[1] with the following upstream
commits :
- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ig
Unfortunately, I can't reproduce the behaviour on my side.
I'm providing a hotfix[1] based on the upstream commit[2] that addressed the
issue.
If you can reproduce the problem, please test the hotfix and provide
feedbacks.
[1] https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388/+p
** Changed in: ntp (Ubuntu Trusty)
Assignee: (unassigned) => eric.desrochers (eric-desrochers-z)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ntp (Ubuntu Trusty)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/148
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ntp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388
T
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To mana
** Also affects: ntp (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: ntp (Ubuntu Wily)
Importance: Low
Assignee: eric.desrochers (eric-desrochers-z)
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
** Changed in: ntp (Ubuntu)
Milestone: ubuntu-12.04.5 => trusty-updates
** Changed in: ntp (Ubuntu)
Milestone: trusty-updates => None
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bug
The remove_ and delete_ functions remove the current element from the
asyncio_reader_list, and free it, respectively.
We then return back to the loop at the top, wherein the asyncio_reader variable
still points at the now-freed element,
whose contents are now scrambled by having link pointers, et
** Changed in: ntp (Ubuntu)
Importance: Undecided => Low
** Changed in: ntp (Ubuntu)
Milestone: None => ubuntu-12.04.5
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388
Title
60 matches
Mail list logo
