[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Tom]

2.11.1-0ubuntu7.15 fixes all my problems with nscd and LDAP logins. Apt works 
again.
Many thanks for pushing the patch out!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Bart]

apt-get remove nscd solves the problem ...
Waiting for a fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Chris Vigelius]

For all those who are hit by this and need to get their production
server up again ASAP, here's an emergency workaround (downgrading libc6
to 2.11.1-0ubuntu7.13):

x86:
dpkg -i /var/cache/apt/archives/libc-bin_2.11.1-0ubuntu7.13_i386.deb 
dpkg -i /var/cache/apt/archives/libc6_2.11.1-0ubuntu7.13_i386.deb

x64:
sudo dpkg -i /var/cache/apt/archives/libc-bin_2.11.1-0ubuntu7.13_amd64.deb 
sudo dpkg -i /var/cache/apt/archives/libc6_2.11.1-0ubuntu7.13_amd64.deb

If you don't have the packages in /var/cache/apt/archives, you can get
them from http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Bart Swennen]

No need to uninstall or downgrade packages:

service nscd stop

also solves the problem for now.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Tom]

Stopping nscd is not an option for those of us using LDAP
authentication. It's not really a fix.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Blinker]

Same story here. As a temporary resolution i disabled nscd-daemon on all
Ubuntu 10.04 servers.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

** Changed in: eglibc (Ubuntu)
 Assignee: TJ (tj) = Marc Deslauriers (mdeslaur)

** Also affects: eglibc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Utopic)
   Importance: Critical
 Assignee: Marc Deslauriers (mdeslaur)
   Status: In Progress

** Also affects: eglibc (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Precise)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  New
Status in “eglibc” source package in Trusty:
  New
Status in “eglibc” source package in Utopic:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

** Changed in: eglibc (Ubuntu Trusty)
   Status: New = Invalid

** Changed in: eglibc (Ubuntu Utopic)
   Status: In Progress = Invalid

** Changed in: eglibc (Ubuntu Precise)
   Status: New = Invalid

** Changed in: eglibc (Ubuntu Lucid)
   Importance: Undecided = Critical

** Changed in: eglibc (Ubuntu Utopic)
   Importance: Critical = Undecided

** Changed in: eglibc (Ubuntu Utopic)
 Assignee: Marc Deslauriers (mdeslaur) = (unassigned)

** Changed in: eglibc (Ubuntu Lucid)
 Assignee: (unassigned) = Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

I am currently preparing an updated package, and will put it in the
following PPA:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

Once it is built, as soon as someone can test it and make sure it solves
the issue, I will publish it.

Does anyone have steps to reproduce the issue?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: eglibc (Ubuntu Lucid)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

Is everyone that is hitting this issue running nscd with ldap?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Ro]

@Marc: Yes, running nscd with ldap.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Frits Letteboer]

I'm using nscd with MySQL

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Steve Mumford]

Also using nscd with LDAP; first noticed the issue with MySQL failing

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

The amd64 packages have finished building in the following PPA:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

Could someone who can reproduce please test them and see if they solve
the issue?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Bobby Walker]

Verified that this corrects the issue in my environments as well.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Alex Vandiver]

Confirmed that fixes the problem for me.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Blaine Fleming]

I can confirm that this update fixes the problem for me in multiple
environments.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Blinker]

@mdeslaur Fix confirmed!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Bart]

ppa packages for amd64 tested :
fix OK !

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Kelly Davis]

This is also impacting cfagent:

sudo cfagent -v
*** glibc detected *** cfagent: free(): invalid pointer: 0x7fe23a80b45d ***
=== Backtrace: =
/lib/libc.so.6(+0x78cc6)[0x7fe239377cc6]
/lib/libc.so.6(cfree+0x73)[0x7fe23937e303]
/lib/libc.so.6(+0x125ec9)[0x7fe239424ec9]
/lib/libc.so.6(+0x12628b)[0x7fe23942528b]
/lib/libc.so.6(getservbyname_r+0x183)[0x7fe239407de3]
/lib/libc.so.6(getservbyname+0x7b)[0x7fe239407b5b]
cfagent[0x418cc3]
cfagent[0x40792b]
cfagent[0x40851e]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fe23931dcad]
cfagent[0x4047f9]

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Bobby Walker]

@kldavis4  We've verified that stopping nscd will allow cfagent to
function again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Blaine Fleming]

@wondersir Stop nscd then apply the updates via aptitude/apt

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

Thanks for testing everyone!

As soon as all the build are finished, I'll release it as a security
regression fix.

Sorry for the inconvenience.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Ulli Horlacher]

WE, who are subscribed to this bug, know that we have to disable nscd, but
what about all others?
Their (automatic) update mechanism is defunct and they will not get
ANY security updates (including the glibc fix), until they manually stop
nscd! 
This is really a BAD situation!

See also
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1352876

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[tux]

@Blaine Fleming - ah, thanks!
For anyone else in a panic, here's what I did. 

   # /etc/init.d/nscd stop
   # sudo add-apt-repository ppa:ubuntu-security-proposed/ppa
   # aptitude update
   # aptitude safe-upgrade

and you shoudl see updates from the new ppa:

   ...
   The following packages will be upgraded:
 libc-bin libc-dev-bin libc6 libc6-dev libc6-i386 nscd 
   6 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
   Need to get 12.2MB of archives. After unpacking 4,096B will be used.
   Do you want to continue? [Y/n/?] y
   Writing extended state information... Done
   ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[TJ]

Before signing off for sleep this morning I investigated how to install
the new packages on a system that fails apt-get. It seems the best
solution is a pair of {pre,post}.inst script stanzas keyed to the broken
version only, which stop and start the services that cause the SIGSEGV
whilst the package upgrade is in progress.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

The regression will be announced on the ubuntu-security-announce mailing
list.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[tux]

@Marc Deslauriers - thanks for getting this fixed so quick!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Launchpad Bug Tracker]

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.15

---
eglibc (2.11.1-0ubuntu7.15) lucid-security; urgency=medium

  * SECURITY REGRESSION: segfault when using nscd (LP: #1352504)
- debian/patches/lp1352504.diff: don't free non-malloced memory and fix
  memory leak in nscd/nscd_getserv_r.c.
 -- Marc Deslauriers marc.deslauri...@ubuntu.com   Tue, 05 Aug 2014 07:57:55 
-0400

** Changed in: eglibc (Ubuntu Lucid)
   Status: Confirmed = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Frank Delin]

Thanks for the patch.  What do I need to do to apply it, the regular
update then upgrade doesn't seem to see it

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

You need to wait until the packages are available in the
archive...probably in ~20 minutes, then the regular update and dist-
upgrade should work after you're stopped nscd.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Dan Woodard]

Did the update and now with service nscd running, things seem fine.
Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Scott Balneaves]

Confirmed 2.11.1-0ubuntu7.15 works here as well.  Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Kelly Davis]

I am still not seeing 2.11.1-0ubuntu7.15 when I run 'apt-get install
libc6' it says it is already the newest version. dpkg -l shows these
2.11.1-0ubuntu7.14 is installed:

ii  libc6   2.11.1-0ubuntu7.14
Embedded GNU C Library: Shared libraries

Do we need to just keep waiting or am I missing something?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Marc Deslauriers]

you need to run apt-get update to refresh the list of packages from
the mirror, and then apt-get dist-upgrade to install all available
updates.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[TJ]

** Changed in: eglibc (Ubuntu)
   Status: New = In Progress

** Changed in: eglibc (Ubuntu)
   Importance: Undecided = Critical

** Changed in: eglibc (Ubuntu)
 Assignee: (unassigned) = TJ (tj)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[Launchpad Bug Tracker]

** Branch linked: lp:~tj/ubuntu/lucid/eglibc/lp1352504

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[TJ]

The proposed bug-fix source is currently building in my PPA at:

https://launchpad.net/~tj/+archive/ubuntu/ppa

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[TJ]

Package fails to build due to a test suite error:

...
root@hephaestion:~/eglibc-2.11.1# cat scripts/data/localplt-i386-linux-gnu.data
libc.so: _Unwind_Find_FDE
libc.so: calloc
libc/crypt/libcrypt.so | \
  LC_ALL=C sort | \
  diff -u ../scripts/data/localplt-i386-linux-gnu.data -  
/tmp/buildd/eglibc-2.11.1/build-tree/i386-libc/elf/check-localplt.out
make[3]: *** 
[/tmp/buildd/eglibc-2.11.1/build-tree/i386-libc/elf/check-localplt.out] Error 1
make[3]: Target `tests' not remade because of errors.
make[3]: Leaving directory `/tmp/buildd/eglibc-2.11.1/elf'
make[2]: *** [elf/tests] Error 2


libc.so: free
libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
root@hephaestion:~/eglibc-2.11.1# cat 
/tmp/buildd/eglibc-2.11.1/build-tree/i386-libc/elf/check-localplt.out
--- ../scripts/data/localplt-i386-linux-gnu.data2006-08-17 
01:18:26.0 +
+++ -   2014-08-04 23:51:17.224429361 +
@@ -1,7 +1,9 @@
 libc.so: _Unwind_Find_FDE
 libc.so: calloc
+libc.so: feof
 libc.so: free
 libc.so: malloc
 libc.so: memalign
+libc.so: memmem
 libc.so: realloc
 libm.so: matherr

I cannot see any call on memmem or feof in the patch I've introduced,
nor any commits in upstream close to this one to explain why these are
being exposed.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

[TJ]

Working from the reference at:

https://sourceware.org/glibc/wiki/Testing/Check-localplt

The test-suite failures appear to have been introduced in the patches
for CVE-2014-0475 (2.11.1-0ubuntu7.14) and the patch for bindresvport
(2.9-21).

# objdump -DR build-tree/i386-libc/libc.s  libc.dis
# egrep -n 'memmem@plt' libc.dis
41049:000169d0 memmem@plt:
54050:   21063: e8 68 59 ff ff  call   169d0 memmem@plt

# egrep -B 50 -n 'call.*memmem@plt' libc.dis | egrep '.*:'
54009-00020fd0 _nl_find_locale:

grep -rn memmem debian/patches/*
debian/patches/any/cvs-issue12092.diff:2:Subject: [PATCH] Fix strstr and memmem 
algorithm.
debian/patches/any/CVE-2014-0475.diff:43:+  if (__builtin_expect ((memmem 
(name, namelen,

# egrep -n 'feof@plt' libc.dis
41019:00016970 feof@plt:
315267:   fa8dc:e8 8f c0 f1 ff  call   16970 feof@plt

# egrep -B 150 -n 'call.*feof@plt' libc.dis | egrep '.*:'
315131-000fa6c0 bindresvport:

grep -rn feof debian/patches/*
debian/patches/any/local-bindresvport_blacklist.diff:51:+  while (!feof (fp))

It appears feof() should be feof_unlocked().

Can't be sure about memmem().


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0475

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp