[Bug 1716429] Re: pykerberos for trusty does not include CVE-2015-3206 fix
Hi Steve,

> When debian fixed this issue [...], they left the default to off, in order to
> not break [...]
> The update for Ubuntu 12.04 LTS included this default.

You're correct about Debian, but this is not exactly what is in the 12.04 LTS update. The patch for precise has two issues:

- The default value for 'verify' in the source code (src/kerberos.c) is 1 (enabled) although pysrc/kerberos.py (only used for documentation) has 'verify=False'
- The 'verify' argument was not made optional in the PyArg_ParseTuple() call, so whatever default value was specified, the call would fail if there were not 5 parameters.

So 12.04 LTS already broke existing setups (and I was personally impacted at that time).

The patch included in xenial then fixes these issues:

pykerberos (1.1.5-2):
  * [d3133b6] Set verify=True in docs too.
    This makes the docs consistent with the default behaviour of the function.
  * [792f3b6] Make verify option really optional.
    So far it correctly defaulted to true but couldn't be skipped.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716429

Title:
  pykerberos for trusty does not include CVE-2015-3206 fix

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pykerberos/+bug/1716429/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
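The difference between the two patch generations described in the message above can be reproduced with CPython's real PyArg_ParseTuple() called through ctypes. This is an added example, not code from pykerberos or from the thread; the format strings "ssssb" and "ssss|b", the function names and the sample arguments are assumptions made for illustration.

```python
import ctypes

# CPython's own argument parser, reached through ctypes for illustration.
_parse_tuple = ctypes.pythonapi.PyArg_ParseTuple
_parse_tuple.restype = ctypes.c_int

# Constructed format strings (assumptions, not copied from pykerberos):
REQUIRED_FMT = b"ssssb"   # fifth argument mandatory: call fails without it
OPTIONAL_FMT = b"ssss|b"  # '|' makes everything after it optional


def parse_check_password_args(args, fmt):
    """Parse args as a C extension would; return the effective 'verify'."""
    user, pswd, service, realm = (ctypes.c_char_p() for _ in range(4))
    # C-side default: KDC verification enabled. PyArg_ParseTuple leaves this
    # value untouched when an optional argument is omitted by the caller.
    verify = ctypes.c_ubyte(1)
    _parse_tuple(
        ctypes.py_object(args), fmt,
        ctypes.byref(user), ctypes.byref(pswd),
        ctypes.byref(service), ctypes.byref(realm),
        ctypes.byref(verify),
    )  # ctypes.pythonapi re-raises the TypeError set by a failed parse
    return bool(verify.value)


def legacy_call_outcomes():
    """Outcome of a four-argument (pre-fix style) call under each format."""
    # Constructed sample arguments: user, password, service, default realm.
    legacy = ("alice", "secret", "host/kdc.example.test", "EXAMPLE.TEST")
    outcomes = {}
    for name, fmt in (("required", REQUIRED_FMT), ("optional", OPTIONAL_FMT)):
        try:
            outcomes[name] = parse_check_password_args(legacy, fmt)
        except TypeError as exc:
            outcomes[name] = f"TypeError: {exc}"
    return outcomes


if __name__ == "__main__":
    # 'required' breaks existing callers; 'optional' keeps them working
    # with verification switched on by the C-side default.
    print(legacy_call_outcomes())
```

With the optional form, callers that never pass 'verify' get KDC verification by default, and only an explicit fifth argument of 0 turns it off.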
[Bug 1716429] Re: pykerberos for trusty does not include CVE-2015-3206 fix
Here is a new debdiff with the following changes:

- Updated priority in changelog
- Added DEP-3 headers in included patch
- Removed const qualifier

Regards.

** Patch added: "pykerberos_1.1+svn10616-2_1.1+svn10616-2ubuntu0.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/pykerberos/+bug/1716429/+attachment/4962596/+files/pykerberos_1.1+svn10616-2_1.1+svn10616-2ubuntu0.1.debdiff
[Bug 1716429] Re: pykerberos for trusty does not include CVE-2015-3206 fix
Hello Simon,

On which patch do you expect me to add the DEP-3 header? Is it the debdiff or the included patch (Add-KDC-authenticity-verification-support-CVE-2015-3206.patch)?

Regarding upstream, the patch has been included in 1.1.6 and updated in 1.1.10 regarding the 'verify' option (should have been optional but it was not the case in the first patch).

Ref:
* https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
* https://github.com/02strich/pykerberos/commit/5867201f1b9c682402aa9b495a654b8f346c8784

Regarding the Ubuntu versions:
* precise: based on 1.1+svn4895, patch included
* trusty: based on 1.1+svn10616, patch *not* included
* vivid: based on 1.1.5, patch *not* included
* xenial: based on 1.1.5, patch included (updated with second fix)
* zesty: based on 1.1.5, patch included (updated with second fix)
* artful: based on 1.1.5, patch included (updated with second fix)

So only trusty and vivid lack the security patch. I don't know if there's a need to patch vivid as it has already reached EOL.
[Bug 1504781] Re: lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting
I'm also interested in an update of the lxc package for precise.

The attached patch is working for me (add "/dev/pts/ptmx -> /dev/ptmx" instead of "/dev/pts/ptmx/ -> /dev/ptmx/"). Note that keeping the previous rule is required to avoid breaking old kernels.

** Patch added: "0075-lxc-apparmor-update.patch"
   https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1504781/+attachment/4506835/+files/0075-lxc-apparmor-update.patch

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1504781

Title:
  lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1504781/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 989675] Re: names_cache memory leak in unionfs module
** Patch added: Patch for unionfs memory leak
   https://bugs.launchpad.net/bugs/989675/+attachment/3108559/+files/unionfs-names-leak.patch

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/989675

Title:
  names_cache memory leak in unionfs module

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-ubuntu-modules-2.6.24/+bug/989675/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 989675] [NEW] names_cache memory leak in unionfs module
Public bug reported:

There is a kernel memory leak in the unionfs 1 module which can leak names_cache entries (slab allocated). After a long time, this can lead to a general OOM situation as they will never be freed.

A fix has been available for a long time but is not included in hardy.

See:
http://comments.gmane.org/gmane.comp.file-systems.unionfs.general/2447

$ grep names_cache /proc/slabinfo
names_cache       144557 144558   4096    2    2 : tunables    0    0    0 : slabdata  72279  72279      0

( = 564 MB )

Patch for linux-ubuntu-modules included.

** Affects: linux-ubuntu-modules-2.6.24 (Ubuntu)
     Importance: Undecided
         Status: New