[Bug 1769304] Re: Apache2 mod_remoteip+rewrite allows client to forge IP address
Would be good to have a simple test case for this bug. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1769304 Title: Apache2 mod_remoteip+rewrite allows client to forge IP address To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1769304/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1769304] Re: Apache2 mod_remoteip+rewrite allows client to forge IP address
This is fixed in bionic and later. Leaving a task open for xenial. Links to the upstream fix: https://svn.apache.org/viewvc?view=revision&revision=1767483 https://github.com/apache/httpd/commit/950093162e445141c5126e4d11e6466e3184b0ce ** Also affects: apache2 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** Changed in: apache2 (Ubuntu Xenial) Status: New => Triaged ** Changed in: apache2 (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1769304 Title: Apache2 mod_remoteip+rewrite allows client to forge IP address To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1769304/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1529355] Re: authzprovideralias-defined authz provider can't be used in Ubuntu14
Confirmed the patch fixes the issue. Without it /var/log/apache2/access.log reports this: [Fri Nov 23 19:41:07.575706 2018] [authz_core:error] [pid 4855:tid 140320138327808] [client 10.0.100.1:56824] AH02305: no alias provider found for 'blacklisted-ips' (BUG?) Simple config: root@trusty-apache:/etc/apache2# cat conf-enabled/authorized.conf And to the default vhost, I added this: Require not blacklisted-ips Require all granted ** Changed in: apache2 (Ubuntu) Status: Triaged => In Progress ** Changed in: apache2 (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1529355 Title: authzprovideralias-defined authz provider can't be used in Ubuntu14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1529355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1529355] Re: authzprovideralias-defined authz provider can't be used in Ubuntu14
https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+ref /trusty-apache-authzalias-1529355 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1529355 Title: authzprovideralias-defined authz provider can't be used in Ubuntu14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1529355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1529355] Re: authzprovideralias-defined authz provider can't be used in Ubuntu14
https://github.com/apache/httpd/commit/4f06dd51b464b66f956ae577f068b16486d3920b -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1529355 Title: authzprovideralias-defined authz provider can't be used in Ubuntu14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1529355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1803838] Re: Mailman Upgrade to 2.1.29 - Ubuntu 16.04
Current state of mailman in the Security Team's CVE tracker: http://people.canonical.com/~ubuntu-security/cve/pkg/mailman.html At the moment, these are in a needs-triage state: CVE-2018-0618 and CVE-2018-13796 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0618 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13796 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to mailman in Ubuntu. https://bugs.launchpad.net/bugs/1803838 Title: Mailman Upgrade to 2.1.29 - Ubuntu 16.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1803838/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1803838] Re: Mailman Upgrade to 2.1.29 - Ubuntu 16.04
A "blanket" bug like this, requesting a big upgrade, is unlikely to be resolved. I think it's best to highlight a specific issue in a specific bug report, even if you end up with multiple reports. Then someone working on it can decide whether it's best to backport a fix, or upgrade the version. Usually the former is better, specially considering xenial is an LTS release. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to mailman in Ubuntu. https://bugs.launchpad.net/bugs/1803838 Title: Mailman Upgrade to 2.1.29 - Ubuntu 16.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1803838/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1803795] Re: fancontrol shows errors and doesn't seem to work
Thanks for filing the upstream bug. That is the best place for this discussion. I'll mark this bug as "confirmed" in the meantime, but we will need a new upstream version or a patch from them to fix this in Ubuntu. ** Changed in: lm-sensors (Ubuntu) Status: Incomplete => Confirmed ** Also affects: lmsensors via https://github.com/lm-sensors/lm-sensors/issues/144 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to lm-sensors in Ubuntu. https://bugs.launchpad.net/bugs/1803795 Title: fancontrol shows errors and doesn't seem to work To manage notifications about this bug go to: https://bugs.launchpad.net/lmsensors/+bug/1803795/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
