[Bug 2069624] [NEW] Debian binary package using zstd only shows control.tar.zs

2024-06-17 Thread Dominik Zäuner
Public bug reported:

When running e.g.

apt-get download file
file file_*.deb

the output is

file_1%3a5.41-3ubuntu0.1_amd64.deb: Debian binary package (format 2.0),
with control.tar.zs, data compression zst

with only "control.tar.zs".

While

ar -t file_*.deb

correctly prints "control.tar.zst".

Tested with file 5.41-3ubuntu0.1 on Ubuntu 22.04 LTS.

** Affects: file (Ubuntu)
 Importance: Undecided
 Status: New

** Summary changed:

- Debian binary package only shows control.tar.zs
+ Debian binary package using zstd only shows control.tar.zs

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2069624

Title:
  Debian binary package using zstd only shows control.tar.zs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file/+bug/2069624/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2058354] [NEW] Enabling FIPS breaks password hashing

2024-03-19 Thread Dominik Zäuner
Public bug reported:

We are running x11vnc 0.9.16-8 on a FIPS enabled Ubuntu 22.04 with
libvncserver1 0.9.13+dfsg-3build2 and libssl3 3.0.2-0ubuntu1.12+Fips1.

With the fips=1 kernel parameter enabling FIPS, it seems that the
password hashing is broken and only a clear text password is written:

$ cat /proc/sys/crypto/fips_enabled 
1
$ x11vnc -storepasswd Abc /tmp/.testpw && cat /tmp/.testpw
stored passwd in file: /tmp/.testpw
Abc

Any connection attempt fails with a 'password check failed!' error.

Running x11vnc with

sudo /usr/bin/x11vnc -auth guess -forever -localhost -loop -noxdamage -repeat -rfbauth /root/.vncpasswd -rfbport 5900 -shared

logs the following:

Got connection from client 127.0.0.1
  0 other clients
Normal socket connection
check_access: client 127.0.0.1 matches host 127.0.0.1
incr accepted_client=1 for 127.0.0.1:54968  sock=10
Client Protocol Version 3.8
Protocol version sent 3.8, using 3.8
rfbProcessClientSecurityType: executing handler for type 2
Couldn't read password file: /root/.vncpasswd
rfbAuthProcessClientMessage: password check failed
rfbClientSendString("password check failed!")
client_count: 0
Client 127.0.0.1 gone

By turning off FIPS with fips=0 in the kernel, it works as expected:

$ cat /proc/sys/crypto/fips_enabled 
0
$ x11vnc -storepasswd Abc /tmp/.testpw && cat /tmp/.testpw
stored passwd in file: /tmp/.testpw
�97l܊

** Affects: x11vnc (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058354


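An added example, not part of the bug report or of x11vnc: a heuristic check that flags VNC password files holding readable text, as the /tmp/.testpw written with FIPS enabled does in the report above. The function names and sample files are hypothetical, and the check assumes a correctly obfuscated file contains at least one non-printable byte.

```shell
#!/bin/sh
# Added example. Assumption: a correctly obfuscated VNC password file is
# binary, so a file made only of printable ASCII, NUL padding or a newline
# is treated as cleartext (rare false positives are possible).

# classify_vncpasswd FILE -> prints missing | empty | cleartext | obfuscated
classify_vncpasswd() {
    [ -f "$1" ] || { echo missing; return 0; }
    [ -s "$1" ] || { echo empty; return 0; }
    # Count the bytes left after deleting NUL, LF and 0x20-0x7e.
    binary_bytes=$(LC_ALL=C tr -d '\000\012\040-\176' < "$1" | wc -c)
    if [ "$binary_bytes" -eq 0 ]; then
        echo cleartext
    else
        echo obfuscated
    fi
}

# audit_vncpasswd FILE... -> lists each file's state; returns 1 if any
# file is cleartext, empty or missing, 0 otherwise.
audit_vncpasswd() {
    audit_rc=0
    for pwfile in "$@"; do
        state=$(classify_vncpasswd "$pwfile")
        printf '%s\t%s\n' "$state" "$pwfile"
        if [ "$state" != obfuscated ]; then
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Constructed samples: the cleartext "Abc" from the FIPS run, and eight
# arbitrary binary bytes standing in for a normally written file.
sample_dir=$(mktemp -d)
printf 'Abc' > "$sample_dir/fips_on"
printf '\362\071\067\154\334\212\001\020' > "$sample_dir/fips_off"
audit_vncpasswd "$sample_dir/fips_on" "$sample_dir/fips_off" ||
    echo "at least one VNC password file needs attention"
rm -rf "$sample_dir"
```

Run against the files passed to -rfbauth after any change to the system's crypto policy; a non-zero exit status means at least one file should be regenerated and verified.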
[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped

2022-04-27 Thread Dominik Zäuner
Oh, I did just see the explanation in the postinst and templates file:

Template: openssh-server/permit-root-login
Type: boolean
Default: true
Description: Disable SSH password authentication for root?

** Changed in: openssh (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1970585


[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped

2022-04-27 Thread Dominik Zäuner
** Description changed:

  In the config script of openssh-server, the debconf database is updated
  with the values that are read from sshd_config.
  
  But if I'm not mistaken the yes/no logic is flipped:
  
  if [ "$permit_root_login" = yes ]; then
-  db_set openssh-server/permit-root-login false
+ db_set openssh-server/permit-root-login false
  else
-  db_set openssh-server/permit-root-login true
+ db_set openssh-server/permit-root-login true
  fi
  
  Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5
- LTS. Checked that this still unchcanged in 8.9p1-3 on jammy.
+ LTS. Checked that this is still unchcanged in 8.9p1-3 on jammy.
  
  I marked this a vulnerability as this might lead to unintended flipped
  settings of permitting root to log in.
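Review bot: the replacement line for the version sentence still carries the misspelling "unchcanged"; this edit inserts the missing "is" but should also correct the word, so the line reads "LTS. Checked that this is still unchanged in 8.9p1-3 on jammy." The two db_set lines change only in leading whitespace, which is worth stating in the change note so readers do not look for a logic change there.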


[Bug 1970585] Re: Logic for PermitRootLogin in config script is flipped

2022-04-27 Thread Dominik Zäuner
** Information type changed from Private Security to Public Security

** Description changed:

  In the config script of openssh-server, the debconf database is updated
  with the values that are read from sshd_config.
  
  But if I'm not mistaken the yes/no logic is flipped:
  
  if [ "$permit_root_login" = yes ]; then
-   db_set openssh-server/permit-root-login false
+  db_set openssh-server/permit-root-login false
  else
-   db_set openssh-server/permit-root-login true
+  db_set openssh-server/permit-root-login true
  fi
  
  Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5
  LTS. Checked that this still unchcanged in 8.9p1-3 on jammy.
  
- I marked this a vulnerability as this might lead to unintend flipped
+ I marked this a vulnerability as this might lead to unintended flipped
  settings of permitting root to log in.
