Regression fix USN has now been published:
https://ubuntu.com/security/notices/USN-6885-2
Thanks!
** Changed in: apache2 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
proxying requests to a HTTP/2 server.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Marc Stern discovered that the Apache HTTP Server incorrectly handled
serving WebSocket protocol upgrades over HTTP/2 connections. A remote
attacker could possibly use
(Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu Focal)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apache2 (Ubuntu Jammy)
Assig
I have uploaded a test package to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
If you could give it a spin and see if it fixes the issue, that would be
great. If it does, I'll release it as a regression update.
Thanks!
This is a stab in the dark but perhaps this is part of the problem:
https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38
Would you be willing to try a test package if I build one?
** Changed in: apache2 (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
https://bugs.launchpad.net/bugs/2072648
Title:
Regression in Apache 2.4.52-1ubuntu4
Is this all you are getting? "Reason: URI has no hostname: /…"
Or did you edit that to remove sensitive info?
https://bugs.launchpad.net/bugs/2072648
Title:
Regression in Apache
==
Ubuntu Security Notice USN-6888-1
July 09, 2024
python-django vulnerabilities
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6887-1
July 09, 2024
openssh vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
Thanks for the confirmation Konstantin.
I do not have any admin rights to do that, but in my mind this ticket
can be closed.
https://bugs.launchpad.net/bugs/1815278
Title:
LyX
:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
Marc Stern discovered that the Apache HTTP Server incorrectly handled
serving WebSocket protocol
==
Ubuntu Security Notice USN-6883-1
July 08, 2024
glance vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6882-1
July 08, 2024
cinder vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6884-1
July 08, 2024
nova vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Changed in: crowdsec-firewall-bouncer (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/2069596
Title:
blocks wrong IPv4 and IPv6 addresses on LE systems
We have no way of knowing why virustotal is flagging this as being
malicious, so there is no actionable item we can take with this bug
report.
Could you get more details on the issue?
** Changed in: golang-1.22 (Ubuntu)
Status: New => Incomplete
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Changed in: pam (Ubuntu)
Status: New => Triaged
https://bugs.launchpad.net/bugs/2069490
Title:
Possible fingerjacking vulnerability: CVE-2024-37408
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Hello Konstantin, is this bug still present for you?
https://bugs.launchpad.net/bugs/1815278
Title:
LyX restores the same cursor position wherever it was placed next
time(s)
Do you have support for Danish hyphenation rules installed? I'd try to
install the package texlive-lang-european if it is not there.
https://bugs.launchpad.net/bugs/2049926
Title:
==
Ubuntu Security Notice USN-6877-1
July 04, 2024
libreoffice vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
Thanks for reporting this issue. It's a pretty odd issue, because all
the OpenSSH update did was disable a line that logged something, so I'm
not sure how it could be related to connecting from a different subnet.
Can you confirm that downgrading to the previous release fixes the
issue?
Can you share the bibtex file or just the bad entry? The link that you
give here does not have the 1000 authors.
https://bugs.launchpad.net/bugs/2069792
Title:
lyx segfaults upon
** Summary changed:
- Investigate ASLR being disabled for children
+ Investigate ASLR re-randomization being disabled for children
https://bugs.launchpad.net/bugs/2071815
Title:
Subscribing Nick, who appears to be the original delta author.
https://bugs.launchpad.net/bugs/2071815
Title:
Investigate ASLR being disabled for children
*** This bug is a security vulnerability ***
Public security bug reported:
The systemd-socket-activation.patch patch has an Ubuntu delta to fix bug
2011458, but this results in ASLR not being re-randomized for children
because the patch delta does "rexec_flag = 0;".
This was discovered as part
==
Ubuntu Security Notice USN-6860-1
July 02, 2024
openvpn vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Information type changed from Private Security to Public Security
** Changed in: openssh (Ubuntu Oracular)
Status: In Progress => Fix Released
Thanks, this is very helpful.
https://bugs.launchpad.net/bugs/2069792
Title:
lyx segfaults upon opening a .lyx file
It looks like upstream released a follow-up commit to fix this issue, or
one similar to it:
https://github.com/OpenPrinting/cups/commit/145b946a86062aafab76c656ee9c1112bfd4f804
We will build test packages to see if this solves the regression, and if
so, we will publish updates.
** Also affects:
==
Ubuntu Security Notice USN-6852-1
June 26, 2024
wget vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6843-1
June 26, 2024
plasma-workspace vulnerability
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6853-1
June 26, 2024
ruby2.7, ruby3.0, ruby3.1 vulnerability
==
A security issue affects these releases of Ubuntu and its
Hello,
Thanks for the very complete bug report. I cannot reproduce any crash
loading the file from command line.
I do not see any error in the valgrind log, do you see one?
Finally, gdb seems to show an infinite recursion in regex, but there is
no way to see where it starts.
Is it possible fr
5c7e72d92" BLOCK_SIZE="4096" TYPE="ext4"
PARTUUID="8fc6d76b-727a-42b2-be23-28467132a659"
/dev/nvme0n1p1: UUID="E256-F414" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI
system partition" PARTUUID="fa0e08f9-fae7-43c8-b0f1
I have built packages in the security team proposed PPA for testing.
Additional packages required no-change rebuilds in the -security pocket
also. For Jammy, the additional packages are breeze, libksysguard,
layer-shell-qt, kwin, kwayland-server. For Focal, the additional
packages are kwin and
ACK on the debdiffs, packages are building now!
https://bugs.launchpad.net/bugs/2067742
Title:
[SRU] CVE-2024-36041 Fix ksmserver: Unauthorized users can access
session manager
==
Ubuntu Security Notice USN-6836-1
June 17, 2024
sssd vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6838-1
June 17, 2024
ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
==
A security issue affects these releases of
==
Ubuntu Security Notice USN-6837-1
June 17, 2024
ruby-rack vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6833-1
June 13, 2024
vte2.91 vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6830-1
June 12, 2024
libndp vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6823-1
June 11, 2024
mysql-8.0 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6815-1
June 06, 2024
aom vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6814-1
June 06, 2024
libvpx vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6567-2
June 06, 2024
qemu regression
==
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu
I have tried your workaround from #2 and hibernate works. Thanks
Dmitry-a-durnev!
However, when I reboot my PC, I'm back to square one. Hibernate stops working
till I execute the steps in #2 again.
Any ideas?
In response to comment #7, I have no issue releasing a security update
regression fix for focal and jammy that relaxes the CVE fix for sockets
since that is a change in behaviour. Let me know once the proposed patch
has been successfully tested to resolve the issue.
This is the upstream commit which introduced the change in behaviour:
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
There is no subsequent fix to the new restrictions, and the only more
recent commit is one to deprecate the whole proxy backend:
==
Ubuntu Security Notice USN-6801-1
May 30, 2024
python-pymysql vulnerability
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6802-1
May 30, 2024
postgresql-14, postgresql-15, postgresql-16 vulnerability
==
A security issue affects these releases
==
Ubuntu Security Notice USN-6794-1
May 28, 2024
frr vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
These were all released:
https://ubuntu.com/security/notices/USN-6789-1
** Changed in: libreoffice (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: libreoffice (Ubuntu Jammy)
Status: In Progress => Fix Released
** Changed in: libreoffice (Ubuntu Mantic)
==
Ubuntu Security Notice USN-6790-1
May 28, 2024
amavisd-new vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6789-1
May 28, 2024
libreoffice vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6788-1
May 28, 2024
webkit2gtk vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6791-1
May 28, 2024
unbound vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/2059852
Title:
Invalid free called during libfreetype FT_Done_Glyph
Adding gnome-session as this is where the logic exists.
I don't see any changes in the latest gnome-session script. Could you
please file a bug with the upstream gnome-session developers here?:
https://gitlab.gnome.org/GNOME/gnome-session/-/issues
Thanks!
** Also affects: gnome-session
** Changed in: linux (Ubuntu)
Status: New => Invalid
** Changed in: network-manager-pptp (Ubuntu)
Status: New => Won't Fix
** Changed in: ubuntu-release-notes
Status: New => Fix Released
** Changed in: pptp-linux (Ubuntu)
Status: New => Confirmed
** Changed in: openjdk-22 (Ubuntu)
Status: Triaged => Fix Committed
** Changed in: openjdk-22 (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: openjdk-23 (Ubuntu)
Status: New => Fix Released
** Changed in: mate-desktop (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/2058434
Title:
leakage of private information through window list preview
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
** Tags added: community-security
https://bugs.launchpad.net/bugs/2063055
Title:
Boot failure 24.04
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2065678
Title:
nvidia-graphics-drivers-545 package fails to launch
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
==
Ubuntu Security Notice USN-6785-1
May 23, 2024
gnome-remote-desktop vulnerability
==
A security issue affects these releases of Ubuntu and its
Since they are new upstream versions, and are already going through the
SRU process, I'll wait until they are verified-done, and I will do a
no-change rebuild of them into the -security pocket.
Does that sound reasonable? Thanks!
Thanks for the debdiffs, I will prepare packages in the security PPA and
will comment back
https://bugs.launchpad.net/bugs/2065728
Title:
CVE-2024-3044
==
Ubuntu Security Notice USN-6772-1
May 14, 2024
strongswan vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6768-1
May 09, 2024
glib2.0 vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
Well, the main impact for me was that after the update, suddenly the
autostart of all Virtual Machines failed after a reboot, which to me is
a serious POLA violation and not something I would expect to happen
within an LTS release.
Even though you are correct in the fact that it was broken
==
Ubuntu Security Notice USN-6763-1
May 07, 2024
libvirt vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
I'm sorry, but if this means that in the default configuration this is
no longer working, how is this not a regression?
Should the default configuration not be so that both bind9 and libvirtd
can be installed and used without issue as was the case before the
dnsmasq update?
Breaking this within
==
Ubuntu Security Notice USN-6759-1
April 29, 2024
freerdp3 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6729-3
April 29, 2024
apache2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6718-3
April 29, 2024
curl vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6737-2
April 29, 2024
glibc vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6734-2
April 29, 2024
libvirt vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6733-2
April 29, 2024
gnutls28 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
ACK on the debdiffs. Uploaded for processing by the SRU team. Thanks!
** Changed in: openscap (Ubuntu Focal)
Status: New => In Progress
** Changed in: openscap (Ubuntu Jammy)
Status: New => In Progress
==
Ubuntu Security Notice USN-6752-1
April 25, 2024
freerdp2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6749-1
April 24, 2024
freerdp2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
The regression fix has now been published:
https://ubuntu.com/security/notices/USN-6728-3
https://bugs.launchpad.net/bugs/2060880
Title:
squid crashes after update to
==
Ubuntu Security Notice USN-6728-3
April 23, 2024
squid vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
That is pretty odd, I can't reproduce this issue on jammy.
What's the output of "ldd /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37"?
https://bugs.launchpad.net/bugs/2062916
Title:
Thanks for testing it, it's much appreciated!
https://bugs.launchpad.net/bugs/2060880
Title:
squid crashes after update to 4.10-1ubuntu1.10
Public bug reported:
I tried to purge all PPAs, but that did not solve the problem
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: ubuntu-release-upgrader-core 1:23.10.14
ProcVersionSignature: Ubuntu 6.5.0-28.29-generic 6.5.13
Uname: Linux 6.5.0-28-generic x86_64
NonfreeKernelModules:
I have located the issue and have prepared an updated package that will
reintroduce the fixes for CVE-2023-5824. I have uploaded the updated
package to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Once it has finished building, could