[Bug 1939870] Re: The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749.
Thank you for taking the time to respond. I will try to get hold of the maintainers. I've already mitigated on my systems as a precautionary measure. I can see that the Debian team is already on this: https://security-tracker.debian.org/tracker/CVE-2021-32749 I am sure the Ubuntu package maintainers are aware. https://packages.ubuntu.com/focal/fail2ban ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-32749 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939870 Title: The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/1939870/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1798679] Re: 18.10 installer crashed just after time zone selection
I have a similar issue when installing on a Lenovo Y530 with m2 PCIe SSD. I can confirm that I was able to install OpenSuse Tumbleweed which is running kernel 4.18.15 as opposed to 4.18.0. There may be a patch. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/nvme/host/pci.c?id=1d39e6928cbd0eb737c51545210b5186d5551ba1 It seemed like it might work: ubuntu kernel: nvme nvme0: nvme_report_ns_ids: Identify Descriptors failed Oct 30 11:14:36 ubuntu kernel: nvme0n1: p1 p2 p3 Oct 30 11:14:38 ubuntu kernel: nvme nvme0: nvme_report_ns_ids: Identify Descriptors failed Oct 30 11:14:38 ubuntu kernel: nvme0n1: p1 p2 p3 Oct 30 11:14:38 ubuntu partman[11608]: mke2fs 1.44.4 (18-Aug-2018) Oct 30 11:14:38 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:38 ubuntu partman-crypto[11691]: kernel entropy_avail: 3206 bits Oct 30 11:14:39 ubuntu kernel: NET: Registered protocol family 38 Oct 30 11:14:42 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:42 ubuntu partman-crypto[11703]: WARNING: Device /dev/nvme0n1p3 already contains a 'crypto_LUKS' superblock signature. Oct 30 11:14:45 ubuntu kernel: sda: sda1 sda2 sda3 Oct 30 11:14:45 ubuntu systemd-resolved[1337]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. Oct 30 11:14:47 ubuntu ubiquity[7028]: stat: cannot stat '/dev/ubuntu-vg' Oct 30 11:14:47 ubuntu ubiquity[7028]: : No such file or directory Oct 30 11:14:47 ubuntu partman-lvm[12951]: Physical volume "/dev/mapper/nvme0n1p3_crypt" successfully created. Oct 30 11:14:47 ubuntu partman-lvm[12959]: Volume group "ubuntu-vg" successfully created Oct 30 11:14:48 ubuntu partman-lvm[13203]: Logical volume "root" created. Oct 30 11:14:48 ubuntu partman-lvm[13302]: Logical volume "swap_1" created. Then: Oct 30 11:15:02 ubuntu partman[16883]: mke2fs 1.44.4 (18-Aug-2018) Oct 30 11:15:04 ubuntu ubiquity[15528]: mount: /target: mount(2) system call failed: Structure needs cleaning. Oct 30 11:15:04 ubuntu kernel: EXT4-fs (dm-1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 1917491351206869023)! Oct 30 11:15:04 ubuntu kernel: EXT4-fs (dm-1): group descriptors corrupted! After the ntp and hostname have finished this happens: Oct 30 11:15:42 ubuntu kernel: Corrupted low memory at bff9e473 (1000 phys) = 3fff3fff... Oct 30 11:15:42 ubuntu kernel: [ cut here ] Oct 30 11:15:42 ubuntu kernel: Memory corruption detected in low memory Oct 30 11:15:42 ubuntu kernel: WARNING: CPU: 1 PID: 19 at arch/x86/kernel/check.c:142 check_for_bios_corruption+0xb4/0xc0 Oct 30 11:15:42 ubuntu kernel: Modules linked in: algif_skcipher af_alg dm_crypt ufs qnx4 hfsplus hfs minix ntfs msdos xfs jfs btrfs zstd_compress libcrc32c xor raid6_pq rfcomm arc4 iwlmvm mac80211 bnep intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm uvcvideo btusb btrtl snd_hda_codec_hdmi irqbypass videobuf2_vmalloc videobuf2_memops btbcm videobuf2_v4l2 snd_hda_codec_realtek crct10dif_pclmul btintel snd_hda_codec_generic crc32_pclmul ghash_clmulni_intel snd_hda_intel snd_hda_codec bluetooth videobuf2_common pcbc videodev snd_hda_core snd_hwdep snd_pcm iwlwifi aesni_intel joydev media snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq cfg80211 aes_x86_64 crypto_simd snd_seq_device cryptd snd_timer snd glue_helper mei_me soundcore mei idma64 processor_thermal_device intel_cstate intel_soc_dts_iosf intel_pch_thermal Oct 30 11:15:42 ubuntu kernel: ecdh_generic hid_multitouch input_leds intel_rapl_perf ideapad_laptop virt_dma 8250_dw serio_raw sparse_keymap ucsi_acpi wmi_bmof typec_ucsi intel_wmi_thunderbolt mac_hid typec acpi_pad int3403_thermal int340x_thermal_zone int3400_thermal acpi_thermal_rel sch_fq_codel parport_pc ppdev lp parport Oct 30 11:15:42 ubuntu kernel: ip_tables x_tables autofs4 overlay nls_utf8 isofs nls_iso8859_1 dm_mirror dm_region_hash dm_log uas usb_storage usbhid hid_generic nouveau i915 mxm_wmi ttm i2c_algo_bit drm_kms_helper nvme syscopyarea sysfillrect sysimgblt fb_sys_fops nvme_core drm r8169 ahci intel_lpss_pci i2c_hid mii libahci intel_lpss hid video pinctrl_cannonlake wmi pinctrl_intel Oct 30 11:15:42 ubuntu kernel: CPU: 1 PID: 19 Comm: kworker/1:0 Tainted: G D W 4.18.0-10-generic #11-Ubuntu Oct 30 11:15:42 ubuntu kernel: Hardware name: LENOVO 81FV/LNVNB161216, BIOS 8JCN44WW 08/13/2018 Oct 30 11:15:42 ubuntu kernel: Workqueue: events check_corruption Oct 30 11:15:42 ubuntu kernel: RIP: 0010:check_for_bios_corruption+0xb4/0xc0 Oct 30 11:15:42 ubuntu kernel: Code: 75 0c 5b 41 5c 41 5d 41 5e 41 Oct 30 11:15:42 ubuntu kernel: 5f 5d c3 c3 80 3d 19 34 5c 01 00
Re: [Bug 1028585] Re: Memory allocation problem with ipvsadm
I filed it for i386 did not test on 64bit... I did not see why a tiny pair of ipv4 load balancers would need 64bit arch. On Sun, Aug 5, 2012 at 2:24 AM, Clint Byrum wrote: > Also could not reproduce on precise. I notice though that both systems > have been amd64 so perthaps this is specific to i386. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1028585 > > Title: > Memory allocation problem with ipvsadm > > Status in “ipvsadm” package in Ubuntu: > New > > Bug description: > This looks like the bug listed here > http://lists.openwall.net/netdev/2011/03/22/4 but I may be wrong. I > have included as much information as possible to help make it clear. > > I was able to replicate on 3 seperate clean installs of the following: > > ubuntu-12.04-server-i386.iso with md5sum 32184a83c8b5e6031e1264e5c499bc03 > (have reproduced on different kernels) > > Linux lvs 3.2.0-27-generic-pae #43-Ubuntu SMP Fri Jul 6 15:06:05 UTC > 2012 i686 i686 i386 GNU/Linux > > Steps to reproduce:- > > Setup - install ubuntu 12.04 i386 server with sshd > apt-get upgrade > reboot > > enabled ipv4 forwarding > net.ipv4.ip_forward = 1 > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > aptitude install ipvsadm keepalived > > ipvsadm -A -t $VIP:$PORT -s rr > Memory allocation problem > > lsmod | grep vs > ip_vs_wrr 12615 0 > ip_vs_wlc 12471 0 > ip_vs_sh 12572 0 > ip_vs_sed 12471 0 > ip_vs_rr 12538 0 > ip_vs_nq 12468 0 > ip_vs_lc 12468 0 > ip_vs_lblcr12802 0 > ip_vs_lblc 12747 0 > ip_vs_ftp 13014 0 > ip_vs_dh 12572 0 > nf_nat 24959 3 ip_vs_ftp,ipt_MASQUERADE,iptable_nat > ip_vs 121543 24 > ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh > nf_conntrack 73847 5 > ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,ip_vs > libcrc32c 12543 1 ip_vs > > strace ipvsadm -A -t 192.168.122.21:80 -s -rr > execve("/sbin/ipvsadm", ["ipvsadm", "-A", "-t", "192.168.122.21:80", > "-s", "-rr"], [/* 20 vars */]) = 0 > brk(0) = 0x8cd1000 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) = 0xb77ec000 > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 > fstat64(3, {st_mode=S_IFREG|0644, st_size=15720, ...}) = 0 > mmap2(NULL, 15720, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e8000 > close(3)= 0 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > open("/lib/i386-linux-gnu/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\30\0\0004\0\0\0"..., > 512) = 512 > fstat64(3, {st_mode=S_IFREG|0644, st_size=47012, ...}) = 0 > mmap2(NULL, 49804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) > = 0x768000 > mmap2(0x773000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x773000 > close(3)= 0 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > open("/lib/libnl-genl-3.so.200", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21\0\0004\0\0\0"..., > 512) = 512 > fstat64(3, {st_mode=S_IFREG|0644, st_size=18460, ...}) = 0 > mmap2(NULL, 21116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) > = 0xc5d000 > mmap2(0xc61000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xc61000 > close(3)= 0 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > open("/lib/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200E\0\0004\0\0\0"..., > 512) = 512 > fstat64(3, {st_mode=S_IFREG|0644, st_size=91856, ...}) = 0 > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) = 0xb77e7000 > mmap2(NULL, 94756, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) > = 0xe5e000 > mmap2(0xe74000, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xe74000 > close(3)= 0 > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 > read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\226\1\0004\0\0\0"..., > 512) = 512 > fstat64(3, {st_mode=S_IFREG|0755, st_size=1713640, ...}) = 0 > mmap2(NULL, 1723100, PROT_READ|
[Bug 1028585] Re: Memory allocation problem with ipvsadm
I basically worked around this issue by doing the following on the same server:- aptitude purge ipvsadm aptitude install git-core build-essential autoconf automake autotools- dev dh-make debhelper devscripts fakeroot libpopt-dev libnl-dev dpatch mkdir tmp && cd tmp git clone git://github.com/formorer/pkg-ipvsadm.git cd pkg-ipvsadm dpkg-buildpackage -rfakeroot cd .. dpkg -i ipvsadm_1.25_i386.deb dpkg-reconfigure ipvsadm ipvsadm -A -t $VIP:$PORT -s rr working layer 4 lb. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1028585 Title: Memory allocation problem with ipvsadm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipvsadm/+bug/1028585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1028585] [NEW] Memory allocation problem with ipvsadm
Public bug reported: This looks like the bug listed here http://lists.openwall.net/netdev/2011/03/22/4 but I may be wrong. I have included as much information as possible to help make it clear. I was able to replicate on 3 seperate clean installs of the following: ubuntu-12.04-server-i386.iso with md5sum 32184a83c8b5e6031e1264e5c499bc03 (have reproduced on different kernels) Linux lvs 3.2.0-27-generic-pae #43-Ubuntu SMP Fri Jul 6 15:06:05 UTC 2012 i686 i686 i386 GNU/Linux Steps to reproduce:- Setup - install ubuntu 12.04 i386 server with sshd apt-get upgrade reboot enabled ipv4 forwarding net.ipv4.ip_forward = 1 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE aptitude install ipvsadm keepalived ipvsadm -A -t $VIP:$PORT -s rr Memory allocation problem lsmod | grep vs ip_vs_wrr 12615 0 ip_vs_wlc 12471 0 ip_vs_sh 12572 0 ip_vs_sed 12471 0 ip_vs_rr 12538 0 ip_vs_nq 12468 0 ip_vs_lc 12468 0 ip_vs_lblcr12802 0 ip_vs_lblc 12747 0 ip_vs_ftp 13014 0 ip_vs_dh 12572 0 nf_nat 24959 3 ip_vs_ftp,ipt_MASQUERADE,iptable_nat ip_vs 121543 24 ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh nf_conntrack 73847 5 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,ip_vs libcrc32c 12543 1 ip_vs strace ipvsadm -A -t 192.168.122.21:80 -s -rr execve("/sbin/ipvsadm", ["ipvsadm", "-A", "-t", "192.168.122.21:80", "-s", "-rr"], [/* 20 vars */]) = 0 brk(0) = 0x8cd1000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77ec000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=15720, ...}) = 0 mmap2(NULL, 15720, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e8000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/i386-linux-gnu/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\30\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=47012, ...}) = 0 mmap2(NULL, 49804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x768000 mmap2(0x773000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x773000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libnl-genl-3.so.200", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=18460, ...}) = 0 mmap2(NULL, 21116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xc5d000 mmap2(0xc61000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xc61000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200E\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size=91856, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e7000 mmap2(NULL, 94756, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xe5e000 mmap2(0xe74000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xe74000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\\226\1\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1713640, ...}) = 0 mmap2(NULL, 1723100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x374000 mmap2(0x513000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f) = 0x513000 mmap2(0x516000, 10972, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x516000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/i386-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p[\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=124663, ...}) = 0 mmap2(NULL, 107008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x173000 mmap2(0x18a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0x18a000 mmap2(0x18c000, 4608, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_F