Re: CVE-2017-1000364 kernel fix brake user-space programs
On 06/23/2017 12:52 PM, Nrbrtx wrote:
> Dear Ubuntu developers!
>
> I can't understand how this happened, but your latest kernel upgrade broke many
> user-space applications.
>
> For me this process was started from Scilab. I can't use it with new kernels
> (linux-image-3.13.0-121-generic on 14.04; linux-image-4.4.0-81-generic on
> 16.04).
> So I reported a bug to launchpad - https://bugs.launchpad.net/bugs/1699892 .
>
> Scilab users ask their developers for the fix, but the root of the problem is
> the kernel (see http://bugzilla.scilab.org/show_bug.cgi?id=15141,
> http://bugzilla.scilab.org/show_bug.cgi?id=15145,
> http://bugzilla.scilab.org/show_bug.cgi?id=15192,
> http://bugzilla.scilab.org/show_bug.cgi?id=15194,
> http://bugzilla.scilab.org/show_bug.cgi?id=15195).
>
> After some digging I discovered that other apps are affected too - see
> comments on other bug page ( https://bugs.launchpad.net/bugs/1698919 ). The
> list contains the following programs:
> * Oracle Java Plugin (see https://bugs.launchpad.net/bugs/1699772 )
> * Scilab at least in Trusty and Xenial (see
>   https://bugs.launchpad.net/bugs/1699892 )
> * LPCxpresso (see https://community.nxp.com/thread/453939 )
> * RMongo (see https://stackoverflow.com/a/44699417 )
> * Ubiquity UniFi (see
>   https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779 )
> * Eclipse (see
>   https://askubuntu.com/questions/927746/eclipse-crashes-with-linux-kernel-4-4-0-81-generic )
>
> Debian 7, 8 and 9 are affected too (see
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549 and
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865672 ).
>
> It is not OK.
> Do you plan to revert this security patch?
> Problem may have wider spread, than detected now.
>

The kernel team is aware of the issue, and will be releasing updated kernels when they are available.

There are currently no plans to revert the kernel patch until the replacement patches are ready due to the nature of the security vulnerability. If the regression is preventing you from using the applications you require then we currently recommend you reboot into the previous kernel.

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: CVE-2017-1000364 kernel fix brake user-space programs
> It is not OK.

Says who? You're speaking as if from a position of authority, but what authority do you have?

On 2017-06-23 19:52, Nrbrtx wrote:
> Dear Ubuntu developers!
>
> I can't understand how this happened, but your latest kernel upgrade broke many
> user-space applications.
>
> For me this process was started from Scilab. I can't use it with new kernels
> (linux-image-3.13.0-121-generic on 14.04; linux-image-4.4.0-81-generic on
> 16.04).
> So I reported a bug to launchpad - https://bugs.launchpad.net/bugs/1699892 .
>
> Scilab users ask their developers for the fix, but the root of the problem is
> the kernel (see http://bugzilla.scilab.org/show_bug.cgi?id=15141,
> http://bugzilla.scilab.org/show_bug.cgi?id=15145,
> http://bugzilla.scilab.org/show_bug.cgi?id=15192,
> http://bugzilla.scilab.org/show_bug.cgi?id=15194,
> http://bugzilla.scilab.org/show_bug.cgi?id=15195).
>
> After some digging I discovered that other apps are affected too - see
> comments on other bug page ( https://bugs.launchpad.net/bugs/1698919 ). The
> list contains the following programs:
> * Oracle Java Plugin (see https://bugs.launchpad.net/bugs/1699772 )
> * Scilab at least in Trusty and Xenial (see
>   https://bugs.launchpad.net/bugs/1699892 )
> * LPCxpresso (see https://community.nxp.com/thread/453939 )
> * RMongo (see https://stackoverflow.com/a/44699417 )
> * Ubiquity UniFi (see
>   https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779 )
> * Eclipse (see
>   https://askubuntu.com/questions/927746/eclipse-crashes-with-linux-kernel-4-4-0-81-generic )
>
> Debian 7, 8 and 9 are affected too (see
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549 and
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865672 ).
>
> It is not OK.
> Do you plan to revert this security patch?
> Problem may have wider spread, than detected now.
>
> With best regards,
> Norbert.

Re: CVE-2017-1000364 kernel fix brake user-space programs
On Fri, 23 Jun 2017 22:52:40 +0300, Nrbrtx wrote:
>It is not OK.
>Do you plan to revert this security patch?

Hi,

I'm not an Ubuntu developer.

Did you read about CVE-2017-1000364, https://www.google.de/?gws_rd=ssl#q=ubuntu+CVE-2017-1000364 ?

Do you really expect a fix for a _high severity_ vulnerability to be removed?

Sometimes it happens that getting rid of vulnerabilities breaks software, not only caused by kernel fixes; sometimes user space software gets completely dropped, if continuing to provide it would cause a serious risk.

Regards,
Ralf

PS: FWIW for good reasons not only Debian based distros, such as the Ubuntu flavours, care much about this high severity vulnerability: https://www.google.de/?gws_rd=ssl#q=arch+linux+CVE-2017-1000364

[rocketmouse@archlinux ~]$ arch-audit --upgradable --quiet | grep linux
linux>=4.11.6-3

This isn't some minor annoyance bug.

--
Vote for apulse!
echo $(w3m https://aur.archlinux.org/packages/apulse |grep 'Votes:')
Votes: 71
Updated: Fri Jun 23 22:26:44 CEST 2017

CVE-2017-1000364 kernel fix brake user-space programs
Dear Ubuntu developers!

I can't understand how this happened, but your latest kernel upgrade broke many user-space applications.

For me this process was started from Scilab. I can't use it with new kernels (linux-image-3.13.0-121-generic on 14.04; linux-image-4.4.0-81-generic on 16.04).
So I reported a bug to launchpad - https://bugs.launchpad.net/bugs/1699892 .

Scilab users ask their developers for the fix, but the root of the problem is the kernel (see http://bugzilla.scilab.org/show_bug.cgi?id=15141, http://bugzilla.scilab.org/show_bug.cgi?id=15145, http://bugzilla.scilab.org/show_bug.cgi?id=15192, http://bugzilla.scilab.org/show_bug.cgi?id=15194, http://bugzilla.scilab.org/show_bug.cgi?id=15195).

After some digging I discovered that other apps are affected too - see comments on other bug page ( https://bugs.launchpad.net/bugs/1698919 ). The list contains the following programs:
* Oracle Java Plugin (see https://bugs.launchpad.net/bugs/1699772 )
* Scilab at least in Trusty and Xenial (see https://bugs.launchpad.net/bugs/1699892 )
* LPCxpresso (see https://community.nxp.com/thread/453939 )
* RMongo (see https://stackoverflow.com/a/44699417 )
* Ubiquity UniFi (see https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779 )
* Eclipse (see https://askubuntu.com/questions/927746/eclipse-crashes-with-linux-kernel-4-4-0-81-generic )

Debian 7, 8 and 9 are affected too (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865672 ).

It is not OK.
Do you plan to revert this security patch?
Problem may have wider spread, than detected now.

With best regards,
Norbert.