[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".
Hello. Sebastien, there is a good news. On Mon., Jul. 22, Evince has been updated to 3.18.2-1ubuntu4.6 version to fix one security issue (buffer overflow; CVE-2019-1010006)*. And now, I can open '.pdf' files again! I think, that reinstalling Evince package, also could help - I mean with problem I described, because `debsums(1)` showed, that MD5 sum for 'libpdfdocument.so' and 'libdvidocument.so' files does not match so reinstall - probably - was a solution. However, I have not any possibilities to check this. Thank You and I apologize one more time for such a long time without my answer. Thanks, best regards. _ * https://lists.ubuntu.com/archives/xenial-changes/2019-July/025019.html ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2019-1010006 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/1835285 Title: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".
Hi Sebastien.
Thank You for an answer. And I apologize for such a long time without my
answer. (An accident, nothing serious).
So Sebastien, please tell me, which informations exactly do you need?
I'm thinking about a `journalctl -b 0` command, of course. Is there
something specific, that you want or need to gather?
I'm asking, because there is not *any* informations about Evince or
loading backend for 'application/pdf' - for example - in system log
files, such as »/var/log/{syslog,kern.log}«, even right after trying to
open '.pdf' or 'djvu' files etc. (as you asked for it in your comment).
I mean nothing valuable, that can help to diagnose this problem.
Yes, there is the same problem with '.djvu' files - they cannot be
opened via Evince. Summarizing: I have problems not only with '.pdf',
but with '.djvu' files also. I have no idea what about other supported
file formats (please see 4. and Evince AppArmor profile), because I
can't test them, right now. And honestly, I don't know if I will be able
to do this. Sorry. (So, I updated the bug report and added this
information).
Sebastien, you also asked about the result of the `debsums(1)` for
'libevdocument3-4', right? I had to install `debsums` package first but
here it is:
,[ $ debsums libevdocument3-4 ]
| /usr/lib/i386-linux-gnu/evince/4/backends/comicsdocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/djvudocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/dvidocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libcomicsdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libdjvudocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libdvidocument.so
FAILED
| /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so
FAILED
| /usr/lib/i386-linux-gnu/evince/4/backends/libpsdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libtiffdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libxpsdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/pdfdocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/psdocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/tiffdocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/xpsdocument.evince-backend
OK
| /usr/lib/i386-linux-gnu/libevdocument3.so.4.0.0
OK
| /usr/share/doc/libevdocument3-4/AUTHORS
OK
| /usr/share/doc/libevdocument3-4/NEWS.gz
OK
| /usr/share/doc/libevdocument3-4/README
OK
| /usr/share/doc/libevdocument3-4/TODO
OK
| /usr/share/doc/libevdocument3-4/changelog.Debian.gz
OK
| /usr/share/doc/libevdocument3-4/copyright
OK
| /usr/share/lintian/overrides/libevdocument3-4
OK
`
As We can see, there are two 'FAILED' results. So the file's MD5 sum
does not match, right? What do you think about this? Is this a bug or
something on my side went wrong?
Sebastien, I apologize You once again, for such a long time without
answer. Best regards.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1835285
Title:
PDF files don't open; "Failed to load backend for 'application/pdf':
libpdfdocument.so" and "Invalid ELF header".
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".
** Summary changed: - PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'. + PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header". ** Description changed: Hello. On Wed, Jun 19. 2019, Evince has been updated to version '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some hardening from Ubuntu 18.10 Release. However, now, it is impossible to open any '.pdf' files. When I try to open such file, there is an information (on the red background) in the main Evince window. And It looks this way: - - ,[ Evince .pdf issue ] + ,[ Opening '.pdf' error ] | | Cannot open document „file:///home/user/Docs/foo-bar.pdf”. | Failed to load backend for 'application/pdf': | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | ` - - There is a reference to '/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' file via terminal, but nothing changed. Here are the results: - + There is a reference to »/usr/lib/i386-linux- + gnu/evince/4/backends/libpdfdocument.so«. According to `dpkg(1)` command + this file is a part of the 'libevdocument3-4' package, which is + installed already (version '3.18.2-1ubuntu4.5'). I also tried to open + '.pdf' file via terminal, but nothing changed. Here are the results: ,[ $ evince Docs/foo-bar.pdf ] | | (evince:26918): EvinceDocument-WARNING **: | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | | (evince:26918): EvinceDocument-WARNING **: | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | ` + I think, that the whole problem is/could be related with AppArmor and + Evince profile changes in the latest update, because - for example - day + before, before update, everything was okay. Anyway, described + problem/issue started to happen right after Evince update. (To check + differences between AppArmor profile versions, please see 2. and 3.). + There is one more thing to notice: Evince profile, has never been + changed by the User. - I think, that the whole problem is related with AppArmor changes in the latest update, because - for example - day before everything was okay. The described problem started right after Evince updated to the latest version. (To check differences between versions, please see 2. and 3.). The 'Evince' profile has never been changed by the Users. + If it's about AppArmor: I've tried to change Evince profile mode from + 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't + any valuable entries in system log files etc. (I'm sorry, but for now, I + can not check other variants/solutions, such as: (a) disable Evince + profile via `aa-disable(8)` command or (b) make links between + »/etc/apparmor.d/usr.bin.evince« file and »/etc/apparmor.d/disable/« + directory, next use `apparmor_parser(8)` command to remove profile etc.) - If it's about AppArmor: I've tried to change Evince profile mode form 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any valuable entries in system log files etc. (I'm sorry, but for now, I can not check other variants/solutions, such as: (a) disabling Evince profile with 'aa-disable(8)' command or (b) making links between '/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next using 'apparmor_parser(8)' command to remove profile etc.) - + ✖ NOTE: to make some more tests, I've tried to open '.djvu' file, but + without success. It seems, that there is exactly the same informations + as with '.pdf' files. Of course, Evince + (»/etc/apparmor.d/usr.bin.evince«) profile contains rule to open such + file format etc. and many others, see 4. So, according to all of this, + maybe "Summary" should be changed to reflect this situation? Maybe + something like: "PDF and other files don't open; "Failed to load (...)". + + Sebastien, what do You think?. + + Here are some additional informations: ✗ Description: Ubuntu 16.04.6 LTS ✗ Release: 16.04 ✗ Architecture: x86_32/i386 - ✗ Linux: 4.4.0-154-generic (4.4.0-155-generic is already installed, but reboot is needed) + ✗ Linux: 4.4.0-155-generic ✓ AppArmor: 2.10.95-0ubuntu2.11 ✓ Evince: 3.18.2-1ubuntu4.5 - Best regards. __ [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html [2] http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz [3] http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz + [4]
[Bug 1835285] Re: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.
** Description changed: Hello. On Wed, Jun 19. 2019, Evince has been updated to version '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some - hardening from Ubuntu 18.10 Release. However, it seems to be impossible - to open any '.pdf' files. After Evince update, I notices I can't open - any '.pdf'. When I try to do it, Evince show this info: + hardening from Ubuntu 18.10 Release. However, now, it is impossible to + open any '.pdf' files. When I try to open such file, there is an + information (on the red background) in the main Evince window. And It + looks this way: ,[ Evince .pdf issue ] | | Cannot open document „file:///home/user/Docs/foo-bar.pdf”. | Failed to load backend for 'application/pdf': | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | ` There is a reference to '/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' file via terminal, but nothing changed. Here are the results: ,[ $ evince Docs/foo-bar.pdf ] | | (evince:26918): EvinceDocument-WARNING **: | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | | (evince:26918): EvinceDocument-WARNING **: | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF | header | ` I think, that the whole problem is related with AppArmor changes in the latest update, because - for example - day before everything was okay. The described problem started right after Evince updated to the latest version. (To check differences between versions, please see 2. and 3.). The 'Evince' profile has never been changed by the Users. If it's about AppArmor: I've tried to change Evince profile mode form 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any valuable entries in system log files etc. (I'm sorry, but for now, I can not check other variants/solutions, such as: (a) disabling Evince profile with 'aa-disable(8)' command or (b) making links between '/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next using 'apparmor_parser(8)' command to remove profile etc.) + Here are some additional informations: - Here are some technical informations: + ✗ Description: Ubuntu 16.04.6 LTS + ✗ Release: 16.04 + ✗ Architecture: x86_32/i386 + ✗ Linux: 4.4.0-154-generic (4.4.0-155-generic is already installed, but reboot is needed) - ✗ Description:Ubuntu 16.04.6 LTS - ✗ Release:16.04 - ✗ Architecture: x86_32/i386 - ✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, but reboot is needed) - - ✓ AppArmor: 2.10.95-0ubuntu2.11 - ✓ Evince: 3.18.2-1ubuntu4.5 + ✓ AppArmor: 2.10.95-0ubuntu2.11 + ✓ Evince: 3.18.2-1ubuntu4.5 Best regards. __ [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html [2] http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz [3] http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/1835285 Title: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1835285] Re: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.
** Description changed: Hello. On Wed, Jun 19. 2019, Evince has been updated to version '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some hardening from Ubuntu 18.10 Release. However, it seems to be impossible to open any '.pdf' files. After Evince update, I notices I can't open any '.pdf'. When I try to do it, Evince show this info: ,[ Evince .pdf issue ] | | Cannot open document „file:///home/user/Docs/foo-bar.pdf”. - | Failed to load backend for 'application/pdf': /usr/lib/i386-linux-gnu/evince/4/backends - | /libpdfdocument.so: Invalid ELF header + | Failed to load backend for 'application/pdf': + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header | ` There is a reference to '/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' file via terminal, but nothing changed. Here are the results: ,[ $ evince Docs/foo-bar.pdf ] | - | (evince:26918): EvinceDocument-WARNING **: /usr/lib/i386-linux-gnu/evince/4/backends - | /libpdfdocument.so: Invalid ELF header + | (evince:26918): EvinceDocument-WARNING **: + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header | - | (evince:26918): EvinceDocument-WARNING **: /usr/lib/i386-linux-gnu/evince/4/backends - | /libpdfdocument.so: Invalid ELF header + | (evince:26918): EvinceDocument-WARNING **: + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header | ` I think, that the whole problem is related with AppArmor changes in the latest update, because - for example - day before everything was okay. The described problem started right after Evince updated to the latest version. (To check differences between versions, please see 2. and 3.). The 'Evince' profile has never been changed by the Users. If it's about AppArmor: I've tried to change Evince profile mode form 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any valuable entries in system log files etc. (I'm sorry, but for now, I can not check other variants/solutions, such as: (a) disabling Evince profile with 'aa-disable(8)' command or (b) making links between '/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next using 'apparmor_parser(8)' command to remove profile etc.) Here are some technical informations: ✗ Description:Ubuntu 16.04.6 LTS ✗ Release:16.04 ✗ Architecture: x86_32/i386 ✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, but reboot is needed) ✓ AppArmor: 2.10.95-0ubuntu2.11 ✓ Evince: 3.18.2-1ubuntu4.5 Best regards. __ [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html [2] http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz [3] http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz ** Description changed: Hello. On Wed, Jun 19. 2019, Evince has been updated to version '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some hardening from Ubuntu 18.10 Release. However, it seems to be impossible to open any '.pdf' files. After Evince update, I notices I can't open any '.pdf'. When I try to do it, Evince show this info: ,[ Evince .pdf issue ] | | Cannot open document „file:///home/user/Docs/foo-bar.pdf”. | Failed to load backend for 'application/pdf': - | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF + | header | ` There is a reference to '/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' file via terminal, but nothing changed. Here are the results: ,[ $ evince Docs/foo-bar.pdf ] | | (evince:26918): EvinceDocument-WARNING **: - | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF + | header | | (evince:26918): EvinceDocument-WARNING **: - | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF header + | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF + | header | ` I think, that the whole problem is related with AppArmor changes in the latest update, because - for example - day before everything was okay. The described problem started right after Evince updated to the latest version. (To check differences between versions, please
[Bug 1835285] [NEW] PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.
Public bug reported: Hello. On Wed, Jun 19. 2019, Evince has been updated to version '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some hardening from Ubuntu 18.10 Release. However, it seems to be impossible to open any '.pdf' files. After Evince update, I notices I can't open any '.pdf'. When I try to do it, Evince show this info: ,[ Evince .pdf issue ] | | Cannot open document „file:///home/user/Docs/foo-bar.pdf”. | Failed to load backend for 'application/pdf': /usr/lib/i386-linux-gnu/evince/4/backends | /libpdfdocument.so: Invalid ELF header | ` There is a reference to '/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' file via terminal, but nothing changed. Here are the results: ,[ $ evince Docs/foo-bar.pdf ] | | (evince:26918): EvinceDocument-WARNING **: /usr/lib/i386-linux-gnu/evince/4/backends | /libpdfdocument.so: Invalid ELF header | | (evince:26918): EvinceDocument-WARNING **: /usr/lib/i386-linux-gnu/evince/4/backends | /libpdfdocument.so: Invalid ELF header | ` I think, that the whole problem is related with AppArmor changes in the latest update, because - for example - day before everything was okay. The described problem started right after Evince updated to the latest version. (To check differences between versions, please see 2. and 3.). The 'Evince' profile has never been changed by the Users. If it's about AppArmor: I've tried to change Evince profile mode form 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any valuable entries in system log files etc. (I'm sorry, but for now, I can not check other variants/solutions, such as: (a) disabling Evince profile with 'aa-disable(8)' command or (b) making links between '/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next using 'apparmor_parser(8)' command to remove profile etc.) Here are some technical informations: ✗ Description: Ubuntu 16.04.6 LTS ✗ Release: 16.04 ✗ Architecture: x86_32/i386 ✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, but reboot is needed) ✓ AppArmor: 2.10.95-0ubuntu2.11 ✓ Evince: 3.18.2-1ubuntu4.5 Best regards. __ [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html [2] http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz [3] http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz ** Affects: evince (Ubuntu) Importance: Undecided Status: New ** Tags: elf evince header libpdfdocument.so pdf xenial -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/1835285 Title: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).
** Changed in: gimp (Ubuntu Xenial) Status: Confirmed => New ** Information type changed from Public Security to Private Security -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gimp in Ubuntu. https://bugs.launchpad.net/bugs/1773561 Title: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).
** Changed in: gimp (Ubuntu) Status: Confirmed => Incomplete ** Changed in: gimp (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gimp in Ubuntu. https://bugs.launchpad.net/bugs/1773561 Title: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gimp in Ubuntu. https://bugs.launchpad.net/bugs/1773561 Title: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).
** Summary changed:
- Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).
+ Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
17784-17789).
** Description changed:
Hello.
GIMP package ('Universe/Security' section), available in "Xenial"/16.04
LTS Release, contains unfixed security issues and is vulnerable to, for
example, heap-buffer over-read, out of bounds read and stack-based
- buffer over-read etc. The whole this is pretty strange, because Ubuntu
+ buffer over-read etc. The whole thing is pretty strange, because Ubuntu
Releases released before and after "Xenial", contains updated GIMP
- version!
+ package!
Anyway, it looks this way: in "Trusty" the available version is:
'2.8.10-0ubuntu1.2' (please see [1]). "Bionic" has '2.8.20-1.1' version
(please see [2]). Both Releases contains fixes for mentioned security
issues: CVE-2017-* etc. However, GIMP version in "Xenial" is
'2.8.16-1ubuntu1.1' and does not contain any security updates from 2017.
(The last one is from Thu, 30 Jun 2016.; please see [3]).
Security updates with fixes for mentioned CVE's (please compare changes
in 1. and 2. with 3.) were released on Thu., 18 Jan 2018 - for "Trusty"
and Tue., 26 Dec 2017 - for "Bionic". In "Xenial", the last security
update is from Thu., 30 Jun 2016 (fix for CVE-2016-4994) and there is no
further updates!
- Here is a CVE list, which are not fixed in "Xenial", but in "Trusty" and
- "Bionic" only:
+ Here is a CVE list of security issues not fixed in "Xenial", but in
+ "Trusty" and "Bionic" etc.:
- 1/ CVE-2017-17786: Out of bounds read
- 2/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
- 3/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
+ 1/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
+ 2/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
+ 3/ CVE-2017-17786: Out of bounds read
4/ CVE-2017-17787: Heap-based buffer over-read in read_creator_block
- 5/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
- 6/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
+ 5/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
+ 6/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
- I wanted to send an email an email to Mr Marc Deslauriers, because he
- made the last security update for GIMP in "Xenial" (fix for
- CVE-2016-4994). But I decided to report a bug on Launchpad. I hope that
- it's an acceptable way. If not, I'm sorry.
+ And the most important thing: if User had installed GIMP package in
+ "Xenial" Release, he is affected - since one year, at least - because of
+ a vulnerable version. Security issues, mentioned above, are from 2017.
+ So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
+ released on 20., May 2018? (Version 2.8.X is very outdated).
- ✗✗✗ And the most important thing: if an User had installed GIMP package
- in "Xenial" Release, he is affected because he is using a vulnerable
- version since one year! Security issues, mentioned above, are from 2017.
- So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
- released on 20., May 2018? At least in non-LTS Releases. Of course I'm
- not talking about "Cosmic" here. (Version 2.8.X is very outdated).
+ I wanted to send an email to Mr Marc Deslauriers, because he made the
+ last security update for GIMP in "Xenial" (fix for CVE-2016-4994). But I
+ decided to report a bug on Launchpad. I hope that it's an acceptable
+ way. If not, I'm sorry.
By the way: similar problems with unfixed security issues, can be found
e.g. in Audacious and Parole packages. But that's a different story,
completely different story...
Thanks, best regards.
__
1.
http://changelogs.ubuntu.com/changelogs/pool/main/g/gimp/gimp_2.8.10-0ubuntu1.2/changelog
2.
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.20-2/changelog
3.
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.16-1ubuntu1.1/changelog
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1773561
Title:
Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
17784-17789).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).
** Description changed:
Hello.
GIMP package ('Universe/Security' section), available in "Xenial"/16.04
LTS Release, contains unfixed security issues and is vulnerable to, for
example, heap-buffer over-read, out of bounds read and stack-based
buffer over-read etc. The whole this is pretty strange, because Ubuntu
Releases released before and after "Xenial", contains updated GIMP
version!
Anyway, it looks this way: in "Trusty" the available version is:
'2.8.10-0ubuntu1.2' (please see [1]). "Bionic" has '2.8.20-1.1' version
(please see [2]). Both Releases contains fixes for mentioned security
issues: CVE-2017-* etc. However, GIMP version in "Xenial" is
'2.8.16-1ubuntu1.1' and does not contain any security updates from 2017.
(The last one is from Thu, 30 Jun 2016.; please see [3]).
Security updates with fixes for mentioned CVE's (please compare changes
in 1. and 2. with 3.) were released on Thu., 18 Jan 2018 - for "Trusty"
and Tue., 26 Dec 2017 - for "Bionic". In "Xenial", the last security
update is from Thu., 30 Jun 2016 (fix for CVE-2016-4994) and there is no
further updates!
Here is a CVE list, which are not fixed in "Xenial", but in "Trusty" and
"Bionic" only:
1/ CVE-2017-17786: Out of bounds read
2/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
3/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
4/ CVE-2017-17787: Heap-based buffer over-read in read_creator_block
5/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
6/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
I wanted to send an email an email to Mr Marc Deslauriers, because he
made the last security update for GIMP in "Xenial" (fix for
CVE-2016-4994). But I decided to report a bug on Launchpad. I hope that
it's an acceptable way. If not, I'm sorry.
+ ✗✗✗ And the most important thing: if an User had installed GIMP package
+ in "Xenial" Release, he is affected because he is using a vulnerable
+ version since one year! Security issues, mentioned above, are from 2017.
+ So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
+ released on 20., May 2018? At least in non-LTS Releases. Of course I'm
+ not talking about "Cosmic" here. (Version 2.8.X is very outdated).
+
By the way: similar problems with unfixed security issues, can be found
e.g. in Audacious and Parole packages. But that's a different story,
completely different story...
Thanks, best regards.
__
1.
http://changelogs.ubuntu.com/changelogs/pool/main/g/gimp/gimp_2.8.10-0ubuntu1.2/changelog
2.
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.20-2/changelog
3.
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.16-1ubuntu1.1/changelog
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1773561
Title:
Xenial/16.04: GIMP needs a security update - unfixed issues
(CVE-2017-*).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).
I don't know why 'fglrx-installer' was chosen as an affected package. During creating a report I've chosen 'gimp' package. ** Package changed: fglrx-installer (Ubuntu) => gimp (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gimp in Ubuntu. https://bugs.launchpad.net/bugs/1773561 Title: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Hi Marc. I apologize for not mentioning a release type. It's Xubuntu 16.04 LTS. For now, I have no access to my other computer with Ubuntu 16.04 LTS so I can not verify this issue. Sorry. Is it a problem, that incorrect permission - in this case - are in Xubuntu and not in Ubuntu? Will it be fixed? Thanks and I apologize once again. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Hello. On 16.04 LTS (16.04.4) Release it looks this way: [~]$ ls -ld .config/ drwxr-xr-x 24 user1 user1 4096 apr 14 18:21 .config/ [~]$ ls -ld .local/ drwx-- 3 user1 user1 4096 apr 30 2017 .local/ Thanks. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
