[Bug 1939870] Re: The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749.
Thank you for taking the time to respond. I will try to get hold of the maintainers. I've already mitigated on my systems as a precautionary measure. I can see that the Debian team is already on this: https://security-tracker.debian.org/tracker/CVE-2021-32749 I am sure the Ubuntu package maintainers are aware. https://packages.ubuntu.com/focal/fail2ban ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-32749 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939870 Title: The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/1939870/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1798679] Re: 18.10 installer crashed just after time zone selection
I have a similar issue when installing on a Lenovo Y530 with m2 PCIe SSD. I can confirm that I was able to install OpenSuse Tumbleweed which is running kernel 4.18.15 as opposed to 4.18.0. There may be a patch. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/nvme/host/pci.c?id=1d39e6928cbd0eb737c51545210b5186d5551ba1 It seemed like it might work: ubuntu kernel: nvme nvme0: nvme_report_ns_ids: Identify Descriptors failed Oct 30 11:14:36 ubuntu kernel: nvme0n1: p1 p2 p3 Oct 30 11:14:38 ubuntu kernel: nvme nvme0: nvme_report_ns_ids: Identify Descriptors failed Oct 30 11:14:38 ubuntu kernel: nvme0n1: p1 p2 p3 Oct 30 11:14:38 ubuntu partman[11608]: mke2fs 1.44.4 (18-Aug-2018) Oct 30 11:14:38 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:38 ubuntu partman-crypto[11691]: kernel entropy_avail: 3206 bits Oct 30 11:14:39 ubuntu kernel: NET: Registered protocol family 38 Oct 30 11:14:42 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:42 ubuntu partman-crypto[11703]: WARNING: Device /dev/nvme0n1p3 already contains a 'crypto_LUKS' superblock signature. Oct 30 11:14:45 ubuntu kernel: sda: sda1 sda2 sda3 Oct 30 11:14:45 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:47 ubuntu ubiquity[7028]: stat: cannot stat '/dev/ubuntu-vg' Oct 30 11:14:47 ubuntu ubiquity[7028]: : No such file or directory Oct 30 11:14:47 ubuntu partman-lvm[12951]: Physical volume "/dev/mapper/nvme0n1p3_crypt" successfully created. Oct 30 11:14:47 ubuntu partman-lvm[12959]: Volume group "ubuntu-vg" successfully created Oct 30 11:14:48 ubuntu partman-lvm[13203]: Logical volume "root" created. Oct 30 11:14:48 ubuntu partman-lvm[13302]: Logical volume "swap_1" created. Then: Oct 30 11:15:02 ubuntu partman[16883]: mke2fs 1.44.4 (18-Aug-2018) Oct 30 11:15:04 ubuntu ubiquity[15528]: mount: /target: mount(2) system call failed: Structure needs cleaning. Oct 30 11:15:04 ubuntu kernel: EXT4-fs (dm-1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 1917491351206869023)! Oct 30 11:15:04 ubuntu kernel: EXT4-fs (dm-1): group descriptors corrupted! After the ntp and hostname have finished this happens: Oct 30 11:15:42 ubuntu kernel: Corrupted low memory at bff9e473 (1000 phys) = 3fff3fff... Oct 30 11:15:42 ubuntu kernel: [ cut here ] Oct 30 11:15:42 ubuntu kernel: Memory corruption detected in low memory Oct 30 11:15:42 ubuntu kernel: WARNING: CPU: 1 PID: 19 at arch/x86/kernel/check.c:142 check_for_bios_corruption+0xb4/0xc0 Oct 30 11:15:42 ubuntu kernel: Modules linked in: algif_skcipher af_alg dm_crypt ufs qnx4 hfsplus hfs minix ntfs msdos xfs jfs btrfs zstd_compress libcrc32c xor raid6_pq rfcomm arc4 iwlmvm mac80211 bnep intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm uvcvideo btusb btrtl snd_hda_codec_hdmi irqbypass videobuf2_vmalloc videobuf2_memops btbcm videobuf2_v4l2 snd_hda_codec_realtek crct10dif_pclmul btintel snd_hda_codec_generic crc32_pclmul ghash_clmulni_intel snd_hda_intel snd_hda_codec bluetooth videobuf2_common pcbc videodev snd_hda_core snd_hwdep snd_pcm iwlwifi aesni_intel joydev media snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq cfg80211 aes_x86_64 crypto_simd snd_seq_device cryptd snd_timer snd glue_helper mei_me soundcore mei idma64 processor_thermal_device intel_cstate intel_soc_dts_iosf intel_pch_thermal Oct 30 11:15:42 ubuntu kernel: ecdh_generic hid_multitouch input_leds intel_rapl_perf ideapad_laptop virt_dma 8250_dw serio_raw sparse_keymap ucsi_acpi wmi_bmof typec_ucsi intel_wmi_thunderbolt mac_hid typec acpi_pad int3403_thermal int340x_thermal_zone int3400_thermal acpi_thermal_rel sch_fq_codel parport_pc ppdev lp parport Oct 30 11:15:42 ubuntu kernel: ip_tables x_tables autofs4 overlay nls_utf8 isofs nls_iso8859_1 dm_mirror dm_region_hash dm_log uas usb_storage usbhid hid_generic nouveau i915 mxm_wmi ttm i2c_algo_bit drm_kms_helper nvme syscopyarea sysfillrect sysimgblt fb_sys_fops nvme_core drm r8169 ahci intel_lpss_pci i2c_hid mii libahci intel_lpss hid video pinctrl_cannonlake wmi pinctrl_intel Oct 30 11:15:42 ubuntu kernel: CPU: 1 PID: 19 Comm: kworker/1:0 Tainted: G D W 4.18.0-10-generic #11-Ubuntu Oct 30 11:15:42 ubuntu kernel: Hardware name: LENOVO 81FV/LNVNB161216, BIOS 8JCN44WW 08/13/2018 Oct 30 11:15:42 ubuntu kernel: Workqueue: events check_corruption Oct 30 11:15:42 ubuntu kernel: RIP: 0010:check_for_bios_corruption+0xb4/0xc0 Oct 30 11:15:42 ubuntu kernel: Code: 75 0c 5b 41 5c 41 5d 41 5e 41 Oct 30 11:15:42 ubuntu kernel: 5f 5d c3 c3 80 3d 19 34 5c 01 00
Re: [Bug 1028585] Re: Memory allocation problem with ipvsadm
I filed it for i386 did not test on 64bit... I did not see why a tiny pair
of ipv4 load balancers would need 64bit arch.
On Sun, Aug 5, 2012 at 2:24 AM, Clint Byrum wrote:
> Also could not reproduce on precise. I notice though that both systems
> have been amd64 so perthaps this is specific to i386.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1028585
>
> Title:
> Memory allocation problem with ipvsadm
>
> Status in “ipvsadm” package in Ubuntu:
> New
>
> Bug description:
> This looks like the bug listed here
> http://lists.openwall.net/netdev/2011/03/22/4 but I may be wrong. I
> have included as much information as possible to help make it clear.
>
> I was able to replicate on 3 seperate clean installs of the following:
>
> ubuntu-12.04-server-i386.iso with md5sum 32184a83c8b5e6031e1264e5c499bc03
> (have reproduced on different kernels)
>
> Linux lvs 3.2.0-27-generic-pae #43-Ubuntu SMP Fri Jul 6 15:06:05 UTC
> 2012 i686 i686 i386 GNU/Linux
>
> Steps to reproduce:-
>
> Setup - install ubuntu 12.04 i386 server with sshd
> apt-get upgrade
> reboot
>
> enabled ipv4 forwarding
> net.ipv4.ip_forward = 1
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> aptitude install ipvsadm keepalived
>
> ipvsadm -A -t $VIP:$PORT -s rr
> Memory allocation problem
>
> lsmod | grep vs
> ip_vs_wrr 12615 0
> ip_vs_wlc 12471 0
> ip_vs_sh 12572 0
> ip_vs_sed 12471 0
> ip_vs_rr 12538 0
> ip_vs_nq 12468 0
> ip_vs_lc 12468 0
> ip_vs_lblcr12802 0
> ip_vs_lblc 12747 0
> ip_vs_ftp 13014 0
> ip_vs_dh 12572 0
> nf_nat 24959 3 ip_vs_ftp,ipt_MASQUERADE,iptable_nat
> ip_vs 121543 24
> ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh
> nf_conntrack 73847 5
> ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,ip_vs
> libcrc32c 12543 1 ip_vs
>
> strace ipvsadm -A -t 192.168.122.21:80 -s -rr
> execve("/sbin/ipvsadm", ["ipvsadm", "-A", "-t", "192.168.122.21:80",
> "-s", "-rr"], [/* 20 vars */]) = 0
> brk(0) = 0x8cd1000
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
> directory)
> mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb77ec000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=15720, ...}) = 0
> mmap2(NULL, 15720, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e8000
> close(3)= 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
> directory)
> open("/lib/i386-linux-gnu/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\30\0\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=47012, ...}) = 0
> mmap2(NULL, 49804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
> = 0x768000
> mmap2(0x773000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x773000
> close(3)= 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
> directory)
> open("/lib/libnl-genl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21\0\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=18460, ...}) = 0
> mmap2(NULL, 21116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
> = 0xc5d000
> mmap2(0xc61000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xc61000
> close(3)= 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
> directory)
> open("/lib/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200E\0\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=91856, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb77e7000
> mmap2(NULL, 94756, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
> = 0xe5e000
> mmap2(0xe74000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xe74000
> close(3)= 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
> directory)
> open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\226\1\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1713640, ...}) = 0
> mmap2(NULL, 1723100, PROT_READ|
[Bug 1028585] Re: Memory allocation problem with ipvsadm
I basically worked around this issue by doing the following on the same server:- aptitude purge ipvsadm aptitude install git-core build-essential autoconf automake autotools- dev dh-make debhelper devscripts fakeroot libpopt-dev libnl-dev dpatch mkdir tmp && cd tmp git clone git://github.com/formorer/pkg-ipvsadm.git cd pkg-ipvsadm dpkg-buildpackage -rfakeroot cd .. dpkg -i ipvsadm_1.25_i386.deb dpkg-reconfigure ipvsadm ipvsadm -A -t $VIP:$PORT -s rr working layer 4 lb. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1028585 Title: Memory allocation problem with ipvsadm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipvsadm/+bug/1028585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1028585] [NEW] Memory allocation problem with ipvsadm
Public bug reported:
This looks like the bug listed here
http://lists.openwall.net/netdev/2011/03/22/4 but I may be wrong. I
have included as much information as possible to help make it clear.
I was able to replicate on 3 seperate clean installs of the following:
ubuntu-12.04-server-i386.iso with md5sum 32184a83c8b5e6031e1264e5c499bc03
(have reproduced on different kernels)
Linux lvs 3.2.0-27-generic-pae #43-Ubuntu SMP Fri Jul 6 15:06:05 UTC
2012 i686 i686 i386 GNU/Linux
Steps to reproduce:-
Setup - install ubuntu 12.04 i386 server with sshd
apt-get upgrade
reboot
enabled ipv4 forwarding
net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
aptitude install ipvsadm keepalived
ipvsadm -A -t $VIP:$PORT -s rr
Memory allocation problem
lsmod | grep vs
ip_vs_wrr 12615 0
ip_vs_wlc 12471 0
ip_vs_sh 12572 0
ip_vs_sed 12471 0
ip_vs_rr 12538 0
ip_vs_nq 12468 0
ip_vs_lc 12468 0
ip_vs_lblcr12802 0
ip_vs_lblc 12747 0
ip_vs_ftp 13014 0
ip_vs_dh 12572 0
nf_nat 24959 3 ip_vs_ftp,ipt_MASQUERADE,iptable_nat
ip_vs 121543 24
ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh
nf_conntrack 73847 5
ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,ip_vs
libcrc32c 12543 1 ip_vs
strace ipvsadm -A -t 192.168.122.21:80 -s -rr
execve("/sbin/ipvsadm", ["ipvsadm", "-A", "-t", "192.168.122.21:80", "-s",
"-rr"], [/* 20 vars */]) = 0
brk(0) = 0x8cd1000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb77ec000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=15720, ...}) = 0
mmap2(NULL, 15720, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e8000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\30\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=47012, ...}) = 0
mmap2(NULL, 49804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x768000
mmap2(0x773000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x773000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnl-genl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21\0\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=18460, ...}) = 0
mmap2(NULL, 21116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xc5d000
mmap2(0xc61000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xc61000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200E\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=91856, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb77e7000
mmap2(NULL, 94756, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xe5e000
mmap2(0xe74000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xe74000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\226\1\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1713640, ...}) = 0
mmap2(NULL, 1723100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x374000
mmap2(0x513000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f) = 0x513000
mmap2(0x516000, 10972, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x516000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p[\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=124663, ...}) = 0
mmap2(NULL, 107008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x173000
mmap2(0x18a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0x18a000
mmap2(0x18c000, 4608, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_F
