[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-130.156

---
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
- x86/fpu: Fix early FPU command-line parsing
- x86/fpu: Fix 'no387' regression
- x86/fpu: Disable MPX when eagerfpu is off
- x86/fpu: Default eagerfpu=on on all CPUs
- x86/fpu: Fix FNSAVE usage in eagerfpu mode
- x86/fpu: Fix math emulation in eager fpu mode
- x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
- MIPS: ptrace: Expose FIR register through FP regset
- MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
- KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
- affs_lookup(): close a race with affs_remove_link()
- aio: fix io_destroy(2) vs. lookup_ioctx() race
- ALSA: timer: Fix pause event notification
- mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
- libata: Blacklist some Sandisk SSDs for NCQ
- libata: blacklist Micron 500IT SSD with MU01 firmware
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
- Revert "ipc/shm: Fix shmat mmap nil-page protection"
- ipc/shm: fix shmat() nil address after round-down when remapping
- kasan: fix memory hotplug during boot
- kernel/sys.c: fix potential Spectre v1 issue
- kernel/signal.c: avoid undefined behaviour in kill_something_info
- xfs: remove racy hasattr check from attr ops
- do d_instantiate/unlock_new_inode combinations safely
- firewire-ohci: work around oversized DMA reads on JMicron controllers
- NFSv4: always set NFS_LOCK_LOST when a lock is lost.
- ALSA: hda - Use IS_REACHABLE() for dependency on input
- ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
- kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
- tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
  account
- PCI: Add function 1 DMA alias quirk for Marvell 9128
- tools lib traceevent: Simplify pointer print logic and fix %pF
- perf callchain: Fix attr.sample_max_stack setting
- tools lib traceevent: Fix get_field_str() for dynamic strings
- dm thin: fix documentation relative to low water mark threshold
- nfs: Do not convert nfs_idmap_cache_timeout to jiffies
- watchdog: sp5100_tco: Fix watchdog disable bit
- kconfig: Don't leak main menus during parsing
- kconfig: Fix automatic menu creation mem leak
- kconfig: Fix expr_free() E_NOT leak
- ipmi/powernv: Fix error return code in ipmi_powernv_probe()
- Btrfs: set plug for fsync
- btrfs: Fix out of bounds access in btrfs_search_slot
- Btrfs: fix scrub to repair raid6 corruption
- scsi: fas216: fix sense buffer initialization
- HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
- powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
- powerpc/numa: Ensure nodes initialized for hotplug
- RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
- ntb_transport: Fix bug with max_mw_size parameter
- ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
- ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
- ocfs2: return error when we attempt to access a dirty bh in jbd2
- mm/mempolicy: fix the check of nodemask from user
- mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
- asm-generic: provide generic_pmdp_establish()
- mm: pin address_space before dereferencing it while isolating an LRU page
- IB/ipoib: Fix for potential no-carrier state
- x86/power: Fix swsusp_arch_resume prototype
- firmware: dmi_scan: Fix handling of empty DMI strings
- ACPI: processor_perflib: Do not send _PPC change notification if not ready
- MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
- xen-netfront: Fix race between device setup and open
- xen/grant-table: Use put_page instead of free_page
- RDS: IB: Fix null pointer issue
- arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
- proc: fix /proc/*/map_files lookup
- cifs: silence compiler warnings showing up with gcc-8.0.0
- bcache: properly set task state in bch_writeback_thread()
- bcache: fix for allocator and register thread race
- bcache: fix for data collapse after re-attaching an attached device
- bcache: return attach error when no cache set exist
- tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
- locking/qspinlock: Ensure node->count is updated before initialising node
- irqchip/gic-v3: Change pr_debug message to pr_devel
- scsi: ufs: Enable quirk to ignore 

[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled

[Joseph Salisbury]

** Changed in: linux (Ubuntu)
   Status: Triaged => Invalid

** Changed in: linux (Ubuntu Xenial)
   Status: Triaged => In Progress

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create
  security.ima extended attribute files that contain IMA hash.

  For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.

  The issues is fixed in upstream kernels by the following commit [1]:

  commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
  Author: Mimi Zohar 
  Date:   Wed Nov 2 09:14:16 2016 -0400

  Revert "ima: limit file hash setting by user to fix and log modes"

  [1] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
  d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-124-generic 4.4.0-124.148
  ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117
  Uname: Linux 4.4.0-124-generic x86_64
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 May 17 14:07 seq
   crw-rw 1 root audio 116, 33 May 17 14:07 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 
not found.
  Date: Thu May 17 14:08:59 2018
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:

  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic 
root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 
console=tty1 console=ttyS0 crashkernel=384M-:128M
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-124-generic N/A
   linux-backports-modules-4.4.0-124-generic  N/A
   linux-firmware 1.157.17
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-2.12
  dmi.modalias: 
dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-2.12
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled

[Joseph Salisbury]

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: linux (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create
  security.ima extended attribute files that contain IMA hash.

  For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.

  The issues is fixed in upstream kernels by the following commit [1]:

  commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
  Author: Mimi Zohar 
  Date:   Wed Nov 2 09:14:16 2016 -0400

  Revert "ima: limit file hash setting by user to fix and log modes"

  [1] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
  d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-124-generic 4.4.0-124.148
  ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117
  Uname: Linux 4.4.0-124-generic x86_64
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 May 17 14:07 seq
   crw-rw 1 root audio 116, 33 May 17 14:07 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 
not found.
  Date: Thu May 17 14:08:59 2018
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:

  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic 
root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 
console=tty1 console=ttyS0 crashkernel=384M-:128M
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-124-generic N/A
   linux-backports-modules-4.4.0-124-generic  N/A
   linux-firmware 1.157.17
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-2.12
  dmi.modalias: 
dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-2.12
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp