[Bug 2069624] [NEW] Debian binary package using zstd only shows control.tar.zs
Public bug reported:

When running e.g.

    apt-get download file
    file file_*.deb

the output is

    file_1%3a5.41-3ubuntu0.1_amd64.deb: Debian binary package (format 2.0), with control.tar.zs, data compression zst

with only "control.tar.zs". While

    ar -t file_*.deb

correctly prints "control.tar.zst"

Tested with file 5.41-3ubuntu0.1 on Ubuntu 22.04 LTS.

** Affects: file (Ubuntu)
     Importance: Undecided
         Status: New

** Summary changed: - Debian binary package only shows control.tar.zs + Debian binary package using zstd only shows control.tar.zs

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2069624

Title:
  Debian binary package using zstd only shows control.tar.zs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file/+bug/2069624/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058354] [NEW] Enabling FIPS breaks password hashing
Public bug reported:

We are running x11vnc 0.9.16-8 on a FIPS enabled Ubuntu 22.04 with libvncserver1 0.9.13+dfsg-3build2 and libssl3 3.0.2-0ubuntu1.12+Fips1.

With the fips=1 kernel parameter enabling FIPS, it seems that the password hashing is broken and only a clear text password is written:

    $ cat /proc/sys/crypto/fips_enabled
    1
    $ x11vnc -storepasswd Abc /tmp/.testpw && cat /tmp/.testpw
    stored passwd in file: /tmp/.testpw
    Abc

Any connection attempt fails with a 'password check failed!' error.

Running x11vnc with

    sudo /usr/bin/x11vnc -auth guess -forever -localhost -loop -noxdamage -repeat -rfbauth /root/.vncpasswd -rfbport 5900 -shared

logs the following:

    Got connection from client 127.0.0.1
    0 other clients
    Normal socket connection
    check_access: client 127.0.0.1 matches host 127.0.0.1
    incr accepted_client=1 for 127.0.0.1:54968 sock=10
    Client Protocol Version 3.8
    Protocol version sent 3.8, using 3.8
    rfbProcessClientSecurityType: executing handler for type 2
    Couldn't read password file: /root/.vncpasswd
    rfbAuthProcessClientMessage: password check failed
    rfbClientSendString("password check failed!")
    client_count: 0
    Client 127.0.0.1 gone

By turning off FIPS with fips=0 in the kernel, it works as expected:

    $ cat /proc/sys/crypto/fips_enabled
    0
    $ x11vnc -storepasswd Abc /tmp/.testpw && cat /tmp/.testpw
    stored passwd in file: /tmp/.testpw
    �97l܊

** Affects: x11vnc (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2058354
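An audit check for the symptom reported above, as an added example that is not part of the original report or of x11vnc. It assumes an obfuscated rfbauth file holds 8 opaque bytes, so a file consisting only of printable ASCII and NUL padding was most likely written in clear text; the function names and sample files are hypothetical and the sample bytes are constructed.

```shell
#!/bin/sh
# Added example: heuristic audit of VNC rfbauth password files.
# Assumption: an obfuscated file is opaque binary, so a file made up only of
# printable ASCII and NUL padding was almost certainly stored in clear text.

# Prints "cleartext", "obfuscated" or "unreadable" for one file.
classify_vnc_passwd() {
    f=$1
    [ -r "$f" ] && [ -s "$f" ] || { echo unreadable; return 0; }
    # Count the bytes that are neither NUL nor printable ASCII (0x20-0x7e).
    opaque=$(LC_ALL=C tr -d '\000\040-\176' < "$f" | wc -c | tr -d ' ')
    if [ "$opaque" -eq 0 ]; then
        echo cleartext
    else
        echo obfuscated
    fi
}

# Prints 1 when the kernel reports FIPS mode, 0 otherwise
# (including when the proc entry is absent).
fips_enabled() {
    if [ -r /proc/sys/crypto/fips_enabled ]; then
        cat /proc/sys/crypto/fips_enabled
    else
        echo 0
    fi
}

# Reports every file given; returns 1 if any of them looks like clear text.
audit_vnc_passwd_files() {
    rc=0
    for f in "$@"; do
        state=$(classify_vnc_passwd "$f")
        echo "fips=$(fips_enabled) $f: $state"
        if [ "$state" = cleartext ]; then rc=1; fi
    done
    return $rc
}

# Constructed samples: "Abc" padded with NULs as a clear-text file, and
# 8 arbitrary opaque bytes standing in for an obfuscated file.
tmp=$(mktemp -d)
printf 'Abc\000\000\000\000\000' > "$tmp/clear"
printf '\227\071\067\154\334\212\021\303' > "$tmp/obf"
audit_vnc_passwd_files "$tmp/clear" "$tmp/obf" || echo "clear-text VNC password file found"
```

The check is a heuristic: a short obfuscated file could in rare cases consist only of printable bytes, so a "cleartext" result calls for manual confirmation.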
[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped
Oh, I did just see the explanation in the postinst and templates file:

    Template: openssh-server/permit-root-login
    Type: boolean
    Default: true
    Description: Disable SSH password authentication for root?

** Changed in: openssh (Ubuntu)
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1970585
[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped
** Description changed: In the config script of openssh-server, the debconf database is updated with the values that are read from sshd_config. But if I'm not mistaken the yes/no logic is flipped: if [ "$permit_root_login" = yes ]; then - db_set openssh-server/permit-root-login false + db_set openssh-server/permit-root-login false else - db_set openssh-server/permit-root-login true + db_set openssh-server/permit-root-login true fi Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5 - LTS. Checked that this still unchcanged in 8.9p1-3 on jammy. + LTS. Checked that this is still unchcanged in 8.9p1-3 on jammy. I marked this a vulnerability as this might lead to unintended flipped settings of permitting root to log in.
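Review bot: "unchcanged" is still misspelled in the added line "+ LTS. Checked that this is still unchcanged in 8.9p1-3 on jammy."; it should read "unchanged". The removed and added db_set lines show the same text, so the if/else under discussion is not altered by this revision.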
[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped
** Information type changed from Private Security to Public Security ** Description changed: In the config script of openssh-server, the debconf database is updated with the values that are read from sshd_config. But if I'm not mistaken the yes/no logic is flipped: if [ "$permit_root_login" = yes ]; then - db_set openssh-server/permit-root-login false + db_set openssh-server/permit-root-login false else - db_set openssh-server/permit-root-login true + db_set openssh-server/permit-root-login true fi Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5 LTS. Checked that this still unchcanged in 8.9p1-3 on jammy. - I marked this a vulnerability as this might lead to unintend flipped + I marked this a vulnerability as this might lead to unintended flipped settings of permitting root to log in.