[Bug 2083977] Re: package mariadb-server 1:10.11.8-0ubuntu0.24.04.1 failed to install/upgrade: new mariadb-server package pre-installation script subprocess returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083977 Title: package mariadb-server 1:10.11.8-0ubuntu0.24.04.1 failed to install/upgrade: new mariadb-server package pre-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2083977/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083978] Re: package parted 3.4-2build1 failed to install/upgrade: el subproceso nuevo paquete parted script pre-installation devolvió el código de salida de error 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083978 Title: package parted 3.4-2build1 failed to install/upgrade: el subproceso nuevo paquete parted script pre-installation devolvió el código de salida de error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/parted/+bug/2083978/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2082533] Re: blueman-applet crashed with AssertionError in _on_object_removed()
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2082533 Title: blueman-applet crashed with AssertionError in _on_object_removed() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/2082533/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083047] Re: Failure to maintain locked screen after monitor is turned off for inactivity
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083047 Title: Failure to maintain locked screen after monitor is turned off for inactivity To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2083047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2082768] Re: While upgrading Ubuntu got the message: could not install 'linux-firmware"
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2082768 Title: While upgrading Ubuntu got the message: could not install 'linux- firmware" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2082768/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083495] Re: blueman-applet crashed with blueman.bluez.errors.DBusServiceUnknownError in get(): The name :1.508 was not provided by any .service files
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083495 Title: blueman-applet crashed with blueman.bluez.errors.DBusServiceUnknownError in get(): The name :1.508 was not provided by any .service files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/2083495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083731] Re: package libdart-external-odelcpsolver6.13 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/x86_64-linux-gnu/libdart-external-odelcpsolver.so.6.13.2', which is
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083731 Title: package libdart-external-odelcpsolver6.13 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/x86_64-linux- gnu/libdart-external-odelcpsolver.so.6.13.2', which is also in package libdart-core+collisions+odelcpsolver6.13:amd64 6.13.2+ds1-1~osrf2~noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dart/+bug/2083731/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078711] Re: Outstanding CVEs in ruby-rack
Hi Miles, Thanks for testing and sharing the results. The package is now published to the archive and we also published a USN for it: https://ubuntu.com/security/notices/USN-7036-1 Thanks and let us know in case of any issues. And thanks Bruce for sponsoring it! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078711 Title: Outstanding CVEs in ruby-rack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078711] Re: Outstanding CVEs in ruby-rack
** Changed in: ruby-rack (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078711 Title: Outstanding CVEs in ruby-rack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078711] Re: Outstanding CVEs in ruby-rack
Hi Miles, The packages is now available on our security-proposed ppa: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=ruby-rack&field.status_filter=published&field.series_filter= Could you please test it and share the results with us? After we get confirmation we will move to publishing to the archive. ** Changed in: ruby-rack (Ubuntu) Assignee: (unassigned) => Bruce Cable (bruce-cable) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078711 Title: Outstanding CVEs in ruby-rack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2079970] Re: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update)
Hi Tobias, Thanks for reporting it! Indeed there seems some service was stuck and not syncing some dbgsym. Some hours ago the service was restarted and it started syncing the missing files. Could you confirm that you can now get the debug symbols you need? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2079970 Title: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2079970/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078290] Re: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078290 Title: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2078290/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078356] Re: python3 upgrade has unmet dependencies
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078356 Title: python3 upgrade has unmet dependencies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/2078356/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078263] Re: Issuse with installing ubuntu.Installation crashed.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078263 Title: Issuse with installing ubuntu.Installation crashed. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/2078263/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078319] Re: package mysql-server-8.0 8.0.39-0ubuntu0.24.04.2 failed to install/upgrade: installed mysql-server-8.0 package post-installation script subprocess returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078319 Title: package mysql-server-8.0 8.0.39-0ubuntu0.24.04.2 failed to install/upgrade: installed mysql-server-8.0 package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/2078319/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077992] Re: Support report format for DISA STIG Viewer
** Changed in: usg Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077992 Title: Support report format for DISA STIG Viewer To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2077992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2076471] Re: Screen locking issue
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076471 Title: Screen locking issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kwin/+bug/2076471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077992] Re: Support report format for DISA STIG Viewer
This is not an issue with USG, but rather with OpenSCAP. I would recommend trying to build and install a newer version of it and try to use the --stig-viewer option. Unfortunately, the openscap version shipped in both focal and jammy are old and might not support the latest features on --stig-viewer. Backporting this feature to openscap to both focal and jammy are very unlikely to happen as it will probably cause regressions. ** Also affects: openscap (Ubuntu) Importance: Undecided Status: New ** Changed in: openscap (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077992 Title: Support report format for DISA STIG Viewer To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2077992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2073000] Re: many vulnerabilities on ubuntu20 package linux-image-aws - 5.15.0.1063.69
It seems that they were all patched and released as per: https://ubuntu.com/security/notices/USN-6923-2 Therefore setting this to Fix Released. ** Changed in: linux-aws-5.15 (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2073000 Title: many vulnerabilities on ubuntu20 package linux-image-aws - 5.15.0.1063.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws-5.15/+bug/2073000/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2074351]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security ** Changed in: tinyproxy (Ubuntu) Status: New => Confirmed ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2074351 Title: CVE-2023-49606 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/2074351/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2076129] Re: apt-get crashed with SIGBUS in XXH3_64bits_update()
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076129 Title: apt-get crashed with SIGBUS in XXH3_64bits_update() To manage notifications about this bug go to: https://bugs.launchpad.net/subiquity/+bug/2076129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2076364] Re: package linux-headers-6.8.0-40-generic 6.8.0-40.40 failed to install/upgrade: linux-headers-6.8.0-40-generic paketi post-installation betiği kuruldu alt süreci 11 hatalı çıkış kodu i
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076364 Title: package linux-headers-6.8.0-40-generic 6.8.0-40.40 failed to install/upgrade: linux-headers-6.8.0-40-generic paketi post- installation betiği kuruldu alt süreci 11 hatalı çıkış kodu ile sona erdi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2076364/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2076583] Re: cloud-init crashed with PermissionError in copyfile(): [Errno 13] Permission denied: '/var/log/installer/subiquity-server-debug.log'
** Description changed: - Marco Antonio De La Torre Santamaria - MarkoDeLaTorre - markoenix - +528715809127 - ProblemType: Crash DistroRelease: Ubuntu 24.10 Package: cloud-init 24.4~1gedd92b71-0ubuntu1 ProcVersionSignature: Ubuntu 6.8.0-31.31.1-lowlatency 6.8.1 Uname: Linux 6.8.0-31-lowlatency x86_64 NonfreeKernelModules: zfs ApportVersion: 2.30.0-0ubuntu1 Architecture: amd64 AutoInstallUserData: Error: [Errno 13] Permiso denegado: '/var/log/installer/autoinstall-user-data' CasperMD5CheckResult: pass CloudName: None CurtinConfigCurtHooks: Error: [Errno 13] Permiso denegado: '/var/log/installer/curtin-install/subiquity-curthooks.conf' CurtinConfigExtract: Error: [Errno 13] Permiso denegado: '/var/log/installer/curtin-install/subiquity-extract.conf' CurtinConfigInitial: Error: [Errno 13] Permiso denegado: '/var/log/installer/curtin-install/subiquity-initial.conf' CurtinConfigPartitioning: Error: [Errno 13] Permiso denegado: '/var/log/installer/curtin-install/subiquity-partitioning.conf' Date: Sun Aug 11 17:51:52 2024 ExecutablePath: /usr/bin/cloud-init InstallationDate: Installed on 2024-07-26 (17 days ago) InstallationMedia: Ubuntu-Studio 24.10 "Oracular Oriole" - Daily amd64 (20240523) InstallerCloudCfg: Error: [Errno 13] Permiso denegado: '/etc/cloud/cloud.cfg.d/99-installer.cfg' InterpreterPath: /usr/bin/python3.12 JournalErrors: - ago 11 17:51:45 hostname kernel: [UFW AUDIT] IN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=136 TOS=0x10 PREC=0x00 TTL=64 ID=7245 DF PROTO=TCP SPT=22 DPT=56578 WINDOW=260 RES=0x00 ACK PSH URGP=0 - ago 11 17:51:45 hostname kernel: [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=136 TOS=0x10 PREC=0x00 TTL=64 ID=7245 DF PROTO=TCP SPT=22 DPT=56578 WINDOW=260 RES=0x00 ACK PSH URGP=0 + ago 11 17:51:45 hostname kernel: [UFW AUDIT] IN= OUT=lo SRC=127.0.1.1 DST=127.0.0.1 LEN=136 TOS=0x10 PREC=0x00 TTL=64 ID=7245 DF PROTO=TCP SPT=22 DPT=56578 WINDOW=260 RES=0x00 ACK PSH URGP=0 + ago 11 17:51:45 hostname kernel: [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=136 TOS=0x10 PREC=0x00 TTL=64 ID=7245 DF PROTO=TCP SPT=22 DPT=56578 WINDOW=260 RES=0x00 ACK PSH URGP=0 PackageArchitecture: all ProcCmdline: /usr/bin/python3 /usr/bin/cloud-init --debug collect-logs ProcEnviron: - LANG=es_ES.UTF-8 - PATH=(custom, no user) - SHELL=/bin/bash - TERM=xterm-256color - XDG_RUNTIME_DIR= + LANG=es_ES.UTF-8 + PATH=(custom, no user) + SHELL=/bin/bash + TERM=xterm-256color + XDG_RUNTIME_DIR= Python3Details: /usr/bin/python3.12, Python 3.12.4, python3-minimal, 3.12.4-1 PythonArgs: ['--debug', 'collect-logs'] PythonDetails: N/A SourcePackage: cloud-init SubiquityServerDebug: Error: [Errno 13] Permiso denegado: '/var/log/installer/subiquity-server-debug.log.5551' Title: cloud-init crashed with PermissionError in copyfile(): [Errno 13] Permission denied: '/var/log/installer/subiquity-server-debug.log' UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm audio cdrom dip lpadmin plugdev sudo users cloud-init-log-warnings: - 2024-07-26 12:12:19,381 - activators.py[WARNING]: Received stderr output: - ** (generate:3077): WARNING **: 12:12:15.958: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. - ** (process:3076): WARNING **: 12:12:18.778: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. - ** (process:3076): WARNING **: 12:12:19.254: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. - 2024-07-26 12:14:09,920 - cc_final_message.py[WARNING]: Used fallback datasource + 2024-07-26 12:12:19,381 - activators.py[WARNING]: Received stderr output: + ** (generate:3077): WARNING **: 12:12:15.958: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. + ** (process:3076): WARNING **: 12:12:18.778: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. + ** (process:3076): WARNING **: 12:12:19.254: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others. + 2024-07-26 12:14:09,920 - cc_final_message.py[WARNING]: Used fallback datasource user_data.txt: Error: [Errno 13] Permiso denegado: '/var/lib/cloud/instances/iid-datasource-none/user-data.txt' ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076583 Title: cloud-init crashed with PermissionError in copyfile(): [Errno
[Bug 2076937] Re: after intalling updates, I have a blinking disk at the bottom of the screen. It is like a no entry road sign that continuosly blink
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076937 Title: after intalling updates, I have a blinking disk at the bottom of the screen. It is like a no entry road sign that continuosly blink To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/2076937/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2076543] Re: do solve this
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076543 Title: do solve this To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2076543/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077104] Re: package postgresql-client-14 14.12-0ubuntu0.22.04.1 failed to install/upgrade: подпроцесс из пакета postgresql-client-14 установлен сценарий post-installation возвратил код ошибки 2
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077104 Title: package postgresql-client-14 14.12-0ubuntu0.22.04.1 failed to install/upgrade: подпроцесс из пакета postgresql-client-14 установлен сценарий post-installation возвратил код ошибки 2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-14/+bug/2077104/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077052] Re: Macbook keyboard and trackpad not working
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077052 Title: Macbook keyboard and trackpad not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077052/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077136] Re: package linux-nvidia-tools-common 5.15.0-1062.63 [modified: usr/share/bash-completion/completions/bpftool usr/share/man/man1/cpupower-frequency-info.1.gz usr/share/man/man1/cpupower-
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077136 Title: package linux-nvidia-tools-common 5.15.0-1062.63 [modified: usr/share/bash-completion/completions/bpftool usr/share/man/man1/cpupower-frequency-info.1.gz usr/share/man/man1/cpupower-idle-set.1.gz usr/share/man/man1/perf- annotate.1.gz usr/share/man/man1/perf-archive.1.gz usr/share/man/man1/perf-bench.1.gz usr/share/man/man1/perf-buildid- cache.1.gz usr/share/man/man1/perf-buildid-list.1.gz usr/share/man/man1/perf-c2c.1.gz usr/share/man/man1/perf-config.1.gz usr/share/man/man1/perf-daemon.1.gz usr/share/man/man1/perf-data.1.gz usr/share/man/man1/perf-diff.1.gz usr/share/man/man1/perf- dlfilter.1.gz usr/share/man/man1/perf-evlist.1.gz usr/share/man/man1/perf-ftrace.1.gz usr/share/man/man1/perf-help.1.gz usr/share/man/man1/perf-inject.1.gz usr/share/man/man1/perf-intel- pt.1.gz usr/share/man/man1/perf-iostat.1.gz usr/share/man/man1/perf- kallsyms.1.gz usr/share/man/man1/perf-kmem.1.gz usr/share/man/man1/perf-kvm.1.gz usr/share/man/man1/perf-list.1.gz usr/share/man/man1/perf-lock.1.gz usr/share/man/man1/perf-mem.1.gz usr/share/man/man1/perf-probe.1.gz usr/share/man/man1/perf-record.1.gz usr/share/man/man1/perf-report.1.gz usr/share/man/man1/perf-sched.1.gz usr/share/man/man1/perf-script-perl.1.gz usr/share/man/man1/perf- script-python.1.gz usr/share/man/man1/perf-script.1.gz usr/share/man/man1/perf-stat.1.gz usr/share/man/man1/perf-test.1.gz usr/share/man/man1/perf-timechart.1.gz usr/share/man/man1/perf- top.1.gz usr/share/man/man1/perf-trace.1.gz usr/share/man/man1/perf- version.1.gz usr/share/man/man1/perf.1.gz usr/share/man/man8/bpftool- btf.8.gz usr/share/man/man8/bpftool-cgroup.8.gz usr/share/man/man8/bpftool-feature.8.gz usr/share/man/man8/bpftool- gen.8.gz usr/share/man/man8/bpftool-iter.8.gz usr/share/man/man8/bpftool-link.8.gz usr/share/man/man8/bpftool- map.8.gz usr/share/man/man8/bpftool-net.8.gz usr/share/man/man8/bpftool-perf.8.gz usr/share/man/man8/bpftool- prog.8.gz usr/share/man/man8/bpftool-struct_ops.8.gz usr/share/man/man8/bpftool.8.gz usr/share/man/man8/turbostat.8.gz] failed to install/upgrade: trying to overwrite '/usr/bin/acpidbg', which is also in package linux-tools-common 6.5.0-9.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-nvidia/+bug/2077136/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077140] Re: Intel Arrow Lake Graphics feature backport request for ubuntu 22.04.5 and 24.04 server
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077140 Title: Intel Arrow Lake Graphics feature backport request for ubuntu 22.04.5 and 24.04 server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/2077140/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077389] Re: package libc6 2.38-1ubuntu6.3 failed to install/upgrade: new libc6:amd64 package pre-installation script subprocess returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077389 Title: package libc6 2.38-1ubuntu6.3 failed to install/upgrade: new libc6:amd64 package pre-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2077389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077736] Re: cn't boot on ubuntu 18.4 or 20.4 - looped reset
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077736 Title: cn't boot on ubuntu 18.4 or 20.4 - looped reset To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/2077736/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077861] Bug is not a security issue
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077861 Title: Intel Arrow Lake IBECC feature backport request for ubuntu 22.04.5 and 24.04.1 server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/2077861/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077445]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security ** Changed in: assimp (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077445 Title: CVE-2024-40724 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/assimp/+bug/2077445/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077626] Re: le navigateur brave ne peut pas télécharger de programme et le navigateur firefox refuse de s'ouvrir
Thanks for taking the time to report this bug and helping to make Ubuntu better. Your bug report is more likely to get attention if it is made in English, since this is the language understood by the majority of Ubuntu developers. Additionally, please only mark a bug as "security" if it shows evidence of allowing attackers to cross privilege boundaries or to directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public ** Changed in: ubuntu Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077626 Title: le navigateur brave ne peut pas télécharger de programme et le navigateur firefox refuse de s'ouvrir To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2077626/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077658] Re: Does not detect hotplugged storage device
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077658 Title: Does not detect hotplugged storage device To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/2077658/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077861] Re: Intel Arrow Lake IBECC feature backport request for ubuntu 22.04.5 and 24.04.1 server
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077861 Title: Intel Arrow Lake IBECC feature backport request for ubuntu 22.04.5 and 24.04.1 server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/2077861/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077793] Re: package nvidia-driver-390 390.157-0ubuntu0.22.04.2 failed to install/upgrade: проблемы зависимостей — оставляем не настроенным
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077793 Title: package nvidia-driver-390 390.157-0ubuntu0.22.04.2 failed to install/upgrade: проблемы зависимостей — оставляем не настроенным To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/+bug/2077793/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077880] Re: The programm "Aktualisierugsverwaltung" does not start in Ubuntu 24.02
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077880 Title: The programm "Aktualisierugsverwaltung" does not start in Ubuntu 24.02 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2077880/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2077958] Re: Not able to enlist the 17G AMD Platforms via MAAS server
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077958 Title: Not able to enlist the 17G AMD Platforms via MAAS server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077958/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2071633] Re: [81DE, Realtek ALC236, Mic, Internal] No sound at all
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2071633 Title: [81DE, Realtek ALC236, Mic, Internal] No sound at all To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2071633/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Thanks again Otto for preparing this package update! As mentioned above this is now published :) ** Changed in: mariadb (Ubuntu) Status: New => Fix Released ** Changed in: mariadb-10.6 (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
I'm publishing the update first thing tomorrow morning, so far everything looks good. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Hi Otto, I've uploaded yesterday the 3 updates to our security-proposed ppa: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=mariadb&field.status_filter=published&field.series_filter= I will take a look at the autopkgtests we have in that ppa and, if everything is looking good, I will publish it either later today or earlier tomorrow. One note though, on your comment you said the branches ubuntu-2* (e.g. ubuntu-22.04) but the correct branches are the ones you sent before, ubuntu/2* (e.g. ubuntu/22.04-jammy). Perhaps to avoid confusion in the future, would it be better to consolidate the branches? Thanks again for preparing those and I will let you know when it is released or in case of issues. ** Changed in: mariadb (Ubuntu Mantic) Status: New => Fix Committed ** Changed in: mariadb (Ubuntu Noble) Status: New => Fix Committed ** Changed in: mariadb-10.6 (Ubuntu Jammy) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
** Changed in: mariadb (Ubuntu Mantic) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: mariadb (Ubuntu Noble) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: mariadb-10.6 (Ubuntu Jammy) Assignee: (unassigned) => Eduardo Barretto (ebarretto) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Hi Otto, all look good, if you are ok I will proceed with the sponsoring -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Hey Otto, sorry, I was off for a few days. So should I go ahead with the sponsor or do you want to merge things first? Either work well for me and I can continue with the sponsoring this week still. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2068625] Re: flickering screen
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2068625 Title: flickering screen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2068625/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
This is now released as mentioned in: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/14 https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/15 ** Changed in: openscap (Ubuntu Focal) Status: In Progress => Fix Released ** Changed in: openscap (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: openscap (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Hey Otto, sorry for the delay, the branches look good, and I could successfully build the package and check the diff with the PR, but I again had to bypass that issue with gbp not generating the orig tarball correctly. I'm investigating this issue a bit more to see what is going on. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067125] Re: CVE-2024-21096 et al affects MariaDB in Ubuntu
Hi Otto, Thanks for preparing the updates! I will be taking a look at the PRs between today and tomorrow -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067125 Title: CVE-2024-21096 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/2067125/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
On Ubuntu 20.04, following the tests outlined in the description, below is the result: $ uname -a Linux sec-focal-amd64 5.4.0-181-generic #201-Ubuntu SMP Thu Mar 28 15:39:01 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux $ dpkg -l | grep libopenscap ii libopenscap8 1.2.16-2ubuntu3.3 amd64Set of libraries enabling integration of the SCAP line of standards $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=8143 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=8143 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=8154 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=8154 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] # INSTALL -proposed VERSION $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 # SUCCESSFUL PASS $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
On Ubuntu 22.04, following the tests outlined in the description, below is the result: $ uname -a Linux sec-jammy-amd64 6.5.0-28-generic #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 4 14:39:20 UTC 2 x86_64 x86_64 x86_64 GNU/Linux # Check that current version of openscap is installed $ dpkg -l | grep libopenscap ii libopenscap8 1.2.17-0.1ubuntu7.22.04.1 amd64Set of libraries enabling integration of the SCAP line of standards $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=8585 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=8585 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=8599 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=8599 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] # INSTALL -proposed VERSION $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 # SUCCESSFUL PASS $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. Still for Ubuntu 22.04 we also got confirmation on LP: #2060345 that now usg passed successfully. See https://bugs.launchpad.net/usg/+bug/2060345/comments/15 ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
Hey @phausman, could you please try to reproduce by using the openscap -proposed? For more information: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/comments/10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Also affects: openscap (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: openscap (Ubuntu Mantic) Importance: Undecided Status: New ** Changed in: openscap (Ubuntu Mantic) Status: New => Fix Released ** Changed in: openscap (Ubuntu Noble) Status: New => Fix Released ** Description changed: [ Impact ] * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 - and 22.04. + and 22.04. openscap on Ubuntu 23.10 and 24.04 already contain this fix. * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345. * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ] * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345. But for simplicity, the easiest way to reproduce this issue is to run the following commands. On Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` On Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ] * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in RHEL-based distros, it is unclear if the backport ever created another issue with the systemdunitdependency probe. If that is the case we expect to see some other tests
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767572/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Patch added: "openscap_1.2.16-2ubuntu3.4.debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767571/+files/openscap_1.2.16-2ubuntu3.4.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
I've create the SRU ticket here: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767559/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff ** Description changed: [ Impact ] - * This issue causes a crash in openscap when there's a circular + * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04. - * This indirectly is affecting the usage of USG (Ubuntu Security Guide) + * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345. - * This issue was reported to upstream here: + * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ] - * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345. -But for simplicity, the easiest way to reproduce this issue is to run the following commands. -Without the patch on Ubuntu 20.04: + * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345. + But for simplicity, the easiest way to reproduce this issue is to run the following commands. + Without the patch on Ubuntu 20.04: ``` - $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml + $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml + Definition oval:ssg-service_rsyslog_enabled:def:1: true + Evaluation done. + $ sudo apt install ceph-mds + $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] ``` - With the patch on Ubuntu 20.04: + With the patch on Ubuntu 20.04: ``` $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 - $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml + $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` -Without the patch on Ubuntu 22.04: + Without the patch on Ubuntu 22.04: ``` + $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml + Definition oval:ssg-service_rsyslog_enabled:def:1: true + Evaluation done. + $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] ``` - With the patch on Ubuntu 22.04: + With the patch on Ubuntu 22.04: ``` $ sudo apt install libopenscap8=1.2
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Patch added: "openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767558/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Patch added: "openscap_1.2.16-2ubuntu3.4.debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767557/+files/openscap_1.2.16-2ubuntu3.4.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Attachment added: "oval file for ubuntu 20.04" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767555/+files/ssg-ubuntu2004-oval.xml -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] Re: [SRU] Fix segfault in systemdunitdependency probe
** Attachment added: "oval file for ubuntu 22.04" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767556/+files/ssg-ubuntu2204-oval.xml -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062389] [NEW] [SRU] Fix segfault in systemdunitdependency probe
Public bug reported: [ Impact ] * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04. * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345. * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ] * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345. But for simplicity, the easiest way to reproduce this issue is to run the following commands. Without the patch on Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] ``` With the patch on Ubuntu 20.04: ``` $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` Without the patch on Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] ``` With the patch on Ubuntu 22.04: ``` $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ] * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in RHEL-based distros, it is unclear if the backport ever created another issue with the systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing, for example. [ Other Info ] * This issue affects both Ubuntu 20.04 and 22.04. ** Affects: openscap (Ubuntu) Importance: Undecided Status: New ** Affects: openscap (Ubuntu Focal) Importance: Undecided Status: New ** Affects: openscap (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openscap (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openscap (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062389 Title: [SRU] Fix segfault in systemdunitdependency probe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+so
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
** No longer affects: openscap (Ubuntu) ** Also affects: openscap (Ubuntu) Importance: Undecided Status: New ** Also affects: openscap (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openscap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openscap (Ubuntu) Status: New => Confirmed ** Changed in: openscap (Ubuntu Focal) Status: New => In Progress ** Changed in: openscap (Ubuntu Jammy) Status: New => In Progress ** Changed in: openscap (Ubuntu Focal) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: openscap (Ubuntu Jammy) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: openscap (Ubuntu) Status: Confirmed => In Progress ** Changed in: openscap (Ubuntu) Assignee: (unassigned) => Eduardo Barretto (ebarretto) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
@phausman I won't be doing the SRU. Since Peter is investigating it, it is best if it comes from him. If you are building from source and it does not produce a crash, then the bug mentioned by Peter is not really necessary and something else might be the issue. As the circular dependency does not happen on a normal Ubuntu image, my belief is that this is still an issue with systemd in this ceph-mds image. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
Peter, do note that this fix never landed on 1.2 openscap, it will require some backporting. To land this fix it should be done through an SRU process. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060345] Re: oscap crashes during audit on the system with ceph-mds package installed
** Also affects: openscap Importance: Undecided Status: New ** No longer affects: openscap ** Also affects: openscap (Ubuntu) Importance: Undecided Status: New ** Changed in: usg Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060345 Title: oscap crashes during audit on the system with ceph-mds package installed To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2060345/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2057814] Re: upgrade
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2057814 Title: upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2057814/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2057775] Re: package libignition-fuel-tools4-4 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/x86_64-linux-gnu/libignition-fuel_tools4.so.4', which is also in package li
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2057775 Title: package libignition-fuel-tools4-4 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/x86_64-linux- gnu/libignition-fuel_tools4.so.4', which is also in package libignition-fuel-tools4:amd64 4.6.0-1~focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ignition-fuel-tools4/+bug/2057775/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056775] Re: openscap fails in multiple tests when auditing on fresh Jammy
Could you please run with --debug and upload the logs? ** Changed in: openscap (Ubuntu) Status: New => Incomplete ** Package changed: openscap (Ubuntu) => usg ** Summary changed: - openscap fails in multiple tests when auditing on fresh Jammy + usg fails in multiple tests when auditing on fresh Jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056775 Title: usg fails in multiple tests when auditing on fresh Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/usg/+bug/2056775/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056091] Re: package linux-headers-generic-hwe-22.04 6.5.0.21.20 failed to install/upgrade: bağımlılık sorunları - yapılandırılmadan bırakılıyor
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056091 Title: package linux-headers-generic-hwe-22.04 6.5.0.21.20 failed to install/upgrade: bağımlılık sorunları - yapılandırılmadan bırakılıyor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056596] Re: L'installation de grub a echoué
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056596 Title: L'installation de grub a echoué To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/2056596/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2036595] Re: vulnerability in libcue affects tracker-extract (GHSL-2023-197)
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2036595 Title: vulnerability in libcue affects tracker-extract (GHSL-2023-197) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcue/+bug/2036595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055270] Re: Buy Tramadol Online At Lowest Prices
** Changed in: systemd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055270 Title: Buy Tramadol Online At Lowest Prices To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2055270/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2054916]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2054916 Title: CVE-2022-44640 affects the version of heimdal on ubuntu 22.04 - could it be updated? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2054916/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055013]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055013 Title: CVE-2020-13576 affects the version in ubuntu 22.04 - could it be updated? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gsoap/+bug/2055013/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
This patch is not acceptable as you are trying to fix a security issue (already fixed) and a bug issue. Please only upload a debdiff for the bug issue. Also create a new ticket for that, as this one if for the security issue and that was already fixed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922654] Re: Apache Maven Multiple Security Bypass Vulnerabilities
That is already fixed under Ubuntu Pro: https://ubuntu.com/security/notices/USN-5245-1 https://ubuntu.com/security/notices/USN-5239-1 ** Changed in: maven (Ubuntu) Status: Confirmed => Fix Released ** Changed in: httpcomponents-client (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1922654 Title: Apache Maven Multiple Security Bypass Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/httpcomponents-client/+bug/1922654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2007456] Re: CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser.
Hi Keath, It takes time because it is a newer version update. As you can see in comment #4 it is currently available for testing on security-proposed ppa. If you could test it and give us a feedback that it is working properly that would be much appreciated. Also we are currently having issues with clamav and lunar but we hope to have it done by next week and everything publish. Please bear with us in the meantime. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2007456 Title: CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2007456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2007273] Re: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-4743. On which release/path of Ubuntu can I expect them to be fixed ?
Thanks for taking the time to report this bug and helping to make Ubuntu better. This is low priority CVE for us, it will only get patched if a higher priority CVE for libsdl2 in 22.04 shows up. Right now there are none, therefore no ETA. ** Information type changed from Private Security to Public Security ** Changed in: libsdl2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2007273 Title: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-4743. On which release/path of Ubuntu can I expect them to be fixed ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libsdl2/+bug/2007273/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2007274] Re: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-46908. On which release/path of Ubuntu can I expect them to be fixed ?
Thanks for taking the time to report this bug and helping to make Ubuntu better. This is low priority CVE for us, it will only get patched if a higher priority CVE for sqlite3 in 22.04 shows up. Right now there are none, therefore no ETA. ** Description changed: I have ubuntu 22.04 on my system and it has the following vulnerability : CVE-2022-46908. Here is the link to the Ubuntu CVE link : - https://ubuntu.com/security/CVE-2022-46908#:~:text=SQLite%20through%203.40.,UDF%20functions%20such%20as%20WRITEFILE. - On which version/patch of Ubuntu can I expect this to get fixed ? + https://ubuntu.com/security/CVE-2022-46908. On which version/patch of + Ubuntu can I expect this to get fixed ? ** Information type changed from Private Security to Public Security ** Changed in: sqlite3 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2007274 Title: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-46908. On which release/path of Ubuntu can I expect them to be fixed ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/2007274/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2000848] Re: CVE-2022-41138: Unreleased in zutty
** Changed in: zutty (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2000848 Title: CVE-2022-41138: Unreleased in zutty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zutty/+bug/2000848/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1995402] Re: cups keeps spool files forever and thus reveals confidential data
** Information type changed from Private Security to Public Security ** Changed in: cups (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1995402 Title: cups keeps spool files forever and thus reveals confidential data To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1995402/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1990886] Re: Security updates missing after 91.11.0
Hi Olivier, Do you have any updates on line for thunderbird? We got a similar question last week on IRC. ** Information type changed from Private Security to Public Security ** Changed in: thunderbird (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1990886 Title: Security updates missing after 91.11.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1990886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.7 for Focal and Jammy
Luis, you keep updating the description but you haven't replied to comment 36. Please provide the information requested. ** Changed in: wpewebkit (Ubuntu) Status: In Progress => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.7 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
my colleague Spyros will be taking a look if he can bring kinetic's version to Jammy and Focal. ** Changed in: wpewebkit (Ubuntu Focal) Assignee: (unassigned) => Spyros Seimenis (sespiros) ** Changed in: wpewebkit (Ubuntu Jammy) Assignee: (unassigned) => Spyros Seimenis (sespiros) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
** Description changed: - I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to - fix security issues and other bugs, as well as adding features that - increase compatibility with current websites. + I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix + security issues and other bugs, as well as adding features that increase + compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
** Description changed: - I want to upgrade the versions in Focal and Jammy to 2.36.4 to fix - security issues and other bugs, as well as adding features that increase - compatibility with current websites. + I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to + fix security issues and other bugs, as well as adding features that + increase compatibility with current websites. The version in Focal is affected by all vulnerabilities listed below. The version in Jammy is vulnerable to CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. Debian released an advisory on April 8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal and Jammy
Just adding some notes about this request: 1. 200MB debdiff, really hard to verify/validate/test. We need to think on a good way to guarantee that we are not introducing issues. 2. On Luis' PPA the package fails to build in some architectures. Luis is going to trigger another build and see if it passes. If it fails and continues to not include logs on why it fails, I will ask Launchpad team to investigate what's happening. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy
** Also affects: wpewebkit (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: wpewebkit (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.4 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970779] Re: Multiple vulnerabilities in Focal, Impish and Jammy
Hi Luís, As my colleague mentioned to you previously, except for a few exceptions, such as ffmpeg, we generally don't accept new upstream maintenance releases into the security sponsoring process. As you can see on bug #1973814, the diff between the versions you want to upgrade are too big and introduce too many new changes that could cause regressions and other issues. If you really want to introduce new upstream microreleases, you can perhaps try getting them sponsored as Stable Release Updates: https://wiki.ubuntu.com/StableReleaseUpdates Otherwise, please send debdiffs only containing the security fixes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Multiple vulnerabilities in Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Hi Luis, Thanks for testing! Regarding 18.04 test failure, I tried to reproduce here and it is passing fine: `... GEN tests/data/vsynth_lena.yuv TESTvsynth_lena-amv TESTvsynth_lena-asv1 TESTvsynth_lena-asv2 TESTvsynth_lena-cinepak TESTvsynth_lena-cljr TESTvsynth_lena-dnxhd-720p TESTvsynth_lena-dnxhd-720p-rd ...` Could you gather more information on the failure? Regarding the litian issues I will be adding the missing signatures, thanks for providing them. We got your email on the version, I shall be fixing it, probably after we have an ok from you that the test are passing fine and no other changes are needed. Did you get a chance to test impish and jammy? Thanks again -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Hi Luis, I've uploaded the binaries to -proposed, could you please test them? Thanks ** Changed in: ffmpeg (Ubuntu Bionic) Status: In Progress => Fix Committed ** Changed in: ffmpeg (Ubuntu Focal) Status: In Progress => Fix Committed ** Changed in: ffmpeg (Ubuntu Impish) Status: In Progress => Fix Committed ** Changed in: ffmpeg (Ubuntu Jammy) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970674] Re: New bug fix releases 3.4.11, 4.2.7 and 4.4.2
Hi Luis, Thanks for contacting us and helping make Ubuntu better. I will be going through your debdiffs, but bear with me as those are minor version updates. I will let you know when the binaries get to -proposed and I would appreciate if you could test them. ** Also affects: ffmpeg (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ffmpeg (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ffmpeg (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: ffmpeg (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: ffmpeg (Ubuntu Bionic) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: ffmpeg (Ubuntu Focal) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: ffmpeg (Ubuntu Impish) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: ffmpeg (Ubuntu Jammy) Assignee: (unassigned) => Eduardo Barretto (ebarretto) ** Changed in: ffmpeg (Ubuntu Bionic) Status: New => In Progress ** Changed in: ffmpeg (Ubuntu Focal) Status: New => In Progress ** Changed in: ffmpeg (Ubuntu Impish) Status: New => In Progress ** Changed in: ffmpeg (Ubuntu Jammy) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970674 Title: New bug fix releases 3.4.11, 4.2.7 and 4.4.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1959757] Re: [SRU] etcd FTBFS on Focal
We asked around the server team, and no one over there has any experience with etcd either. What should we do next? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1959757 Title: [SRU] etcd FTBFS on Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1888890] Re: openscap: xenial version is lower than version published in trusty/esm
We just published today a no-change version of openscap to Xenial ESM ppas to solve this issue. ** Changed in: openscap (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/190 Title: openscap: xenial version is lower than version published in trusty/esm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1966338] Re: openjdk11 update breaks customers
** Changed in: openjdk-lts (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1966338 Title: openjdk11 update breaks customers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1966338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1959757] Re: [SRU] etcd FTBFS on Focal
** Changed in: etcd (Ubuntu Focal) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1959757 Title: [SRU] etcd FTBFS on Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1959757] Re: [SRU] etcd FTBFS on Focal
The test suite is passing fine. If I compare binaries of current version and with debdiff applied I get the following attached files. ** Attachment added: "etcd_amd64.txt" https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+attachment/5572181/+files/etcd_amd64.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1959757 Title: [SRU] etcd FTBFS on Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/1959757/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
