Regression fix USN has now been published:
https://ubuntu.com/security/notices/USN-6885-2
Thanks!
** Changed in: apache2 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
==
Ubuntu Security Notice USN-6885-2
July 11, 2024
apache2 regression
==
A security issue affects these releases of Ubuntu and its derivatives:
-
(Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu Focal)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: apache2 (Ubuntu Jammy)
Assig
I have uploaded a test package to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
If you could give it a spin and see if it fixes the issue, that would be
great. If it does, I'll release it as a regression update.
Thanks!
--
This is a stab in the dark but perhaps this is part of the problem:
https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38
Would you be willing to try a test package if I build one?
--
** Changed in: apache2 (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
https://bugs.launchpad.net/bugs/2072648
Title:
Regression in Apache 2.4.52-1ubuntu4
Is this all you are getting? "Reason: URI has no hostname: /…"
Or did you edit that to remove sensitive info?
--
https://bugs.launchpad.net/bugs/2072648
Title:
Regression in Apache
==
Ubuntu Security Notice USN-6888-1
July 09, 2024
python-django vulnerabilities
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6887-1
July 09, 2024
openssh vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6885-1
July 08, 2024
apache2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6883-1
July 08, 2024
glance vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6882-1
July 08, 2024
cinder vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6884-1
July 08, 2024
nova vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Changed in: crowdsec-firewall-bouncer (Ubuntu)
Status: New => Confirmed
--
https://bugs.launchpad.net/bugs/2069596
Title:
blocks wrong IPv4 and IPv6 addresses on LE systems
We have no way of knowing why virustotal is flagging this as being
malicious, so there is no actionable item we can take with this bug
report.
Could you get more details on the issue?
** Changed in: golang-1.22 (Ubuntu)
Status: New => Incomplete
--
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Changed in: pam (Ubuntu)
Status: New => Triaged
--
https://bugs.launchpad.net/bugs/2069490
Title:
Possible fingerjacking vulnerability: CVE-2024-37408
To manage notifications
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
==
Ubuntu Security Notice USN-6877-1
July 04, 2024
libreoffice vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
Thanks for reporting this issue. It's a pretty odd issue, because all
the OpenSSH update did was disable a line that logged something, so I'm
not sure how it could be related to connecting from a different subnet.
Can you confirm that downgrading to the previous release fixes the
issue?
--
** Summary changed:
- Investigate ASLR being disabled for children
+ Investigate ASLR re-randomization being disabled for children
--
https://bugs.launchpad.net/bugs/2071815
Title:
Subscribing Nick, who appears to be the original delta author.
--
https://bugs.launchpad.net/bugs/2071815
Title:
Investigate ASLR being disabled for children
*** This bug is a security vulnerability ***
Public security bug reported:
The systemd-socket-activation.patch patch has an Ubuntu delta to fix bug
2011458, but this results in ASLR not being re-randomized for children
because the patch delta does "rexec_flag = 0;".
This was discovered as part
==
Ubuntu Security Notice USN-6860-1
July 02, 2024
openvpn vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Information type changed from Private Security to Public Security
** Changed in: openssh (Ubuntu Oracular)
Status: In Progress => Fix Released
--
It looks like upstream released a follow-up commit to fix this issue, or
one similar to it:
https://github.com/OpenPrinting/cups/commit/145b946a86062aafab76c656ee9c1112bfd4f804
We will build test packages to see if this solves the regression, and if
so, we will publish updates.
** Also affects:
==
Ubuntu Security Notice USN-6852-1
June 26, 2024
wget vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6843-1
June 26, 2024
plasma-workspace vulnerability
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6853-1
June 26, 2024
ruby2.7, ruby3.0, ruby3.1 vulnerability
==
A security issue affects these releases of Ubuntu and its
I have built packages in the security team proposed PPA for testing.
Additional packages required no-change rebuilds in the -security pocket
also. For Jammy, the additional packages are breeze, libksysguard,
layer-shell-qt, kwin, kwayland-server. For Focal, the additional
packages are kwin and
ACK on the debdiffs, packages are building now!
--
https://bugs.launchpad.net/bugs/2067742
Title:
[SRU] CVE-2024-36041 Fix ksmserver: Unauthorized users can access
session manager
==
Ubuntu Security Notice USN-6836-1
June 17, 2024
sssd vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6838-1
June 17, 2024
ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
==
A security issue affects these releases of
==
Ubuntu Security Notice USN-6837-1
June 17, 2024
ruby-rack vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6833-1
June 13, 2024
vte2.91 vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6830-1
June 12, 2024
libndp vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6823-1
June 11, 2024
mysql-8.0 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6815-1
June 06, 2024
aom vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6814-1
June 06, 2024
libvpx vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6567-2
June 06, 2024
qemu regression
==
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu
In response to comment #7, I have no issue releasing a security update
regression fix for focal and jammy that relaxes the CVE fix for sockets
since that is a change in behaviour. Let me know once the proposed patch
has been successfully tested to resolve the issue.
--
This is the upstream commit which introduced the change in behaviour:
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
There is no subsequent fix to the new restrictions, and the only more
recent commit is one to deprecate the whole proxy backend:
==
Ubuntu Security Notice USN-6801-1
May 30, 2024
python-pymysql vulnerability
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6802-1
May 30, 2024
postgresql-14, postgresql-15, postgresql-16 vulnerability
==
A security issue affects these releases
==
Ubuntu Security Notice USN-6794-1
May 28, 2024
frr vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
These were all released:
https://ubuntu.com/security/notices/USN-6789-1
** Changed in: libreoffice (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: libreoffice (Ubuntu Jammy)
Status: In Progress => Fix Released
** Changed in: libreoffice (Ubuntu Mantic)
==
Ubuntu Security Notice USN-6790-1
May 28, 2024
amavisd-new vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6789-1
May 28, 2024
libreoffice vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6788-1
May 28, 2024
webkit2gtk vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6791-1
May 28, 2024
unbound vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/2059852
Title:
Invalid free called during libfreetype FT_Done_Glyph
Adding gnome-session as this is where the logic exists.
I don't see any changes in the latest gnome-session script. Could you
please file a bug with the upstream gnome-session developers here?:
https://gitlab.gnome.org/GNOME/gnome-session/-/issues
Thanks!
** Also affects: gnome-session
** Changed in: linux (Ubuntu)
Status: New => Invalid
** Changed in: network-manager-pptp (Ubuntu)
Status: New => Won't Fix
** Changed in: ubuntu-release-notes
Status: New => Fix Released
** Changed in: pptp-linux (Ubuntu)
Status: New => Confirmed
--
** Changed in: openjdk-22 (Ubuntu)
Status: Triaged => Fix Committed
** Changed in: openjdk-22 (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: openjdk-23 (Ubuntu)
Status: New => Fix Released
--
** Changed in: mate-desktop (Ubuntu)
Status: New => Confirmed
--
https://bugs.launchpad.net/bugs/2058434
Title:
leakage of private information through window list preview
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
** Tags added: community-security
--
https://bugs.launchpad.net/bugs/2063055
Title:
Boot failure 24.04
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2065678
Title:
nvidia-graphics-drivers-545 package fails to launch
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is
==
Ubuntu Security Notice USN-6785-1
May 23, 2024
gnome-remote-desktop vulnerability
==
A security issue affects these releases of Ubuntu and its
Since they are new upstream versions, and are already going through the
SRU process, I'll wait until they are verified-done, and I will do a
no-change rebuild of them into the -security pocket.
Does that sound reasonable? Thanks!
--
Thanks for the debdiffs, I will prepare packages in the security PPA and
will comment back
--
https://bugs.launchpad.net/bugs/2065728
Title:
CVE-2024-3044
==
Ubuntu Security Notice USN-6772-1
May 14, 2024
strongswan vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6768-1
May 09, 2024
glib2.0 vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6763-1
May 07, 2024
libvirt vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6759-1
April 29, 2024
freerdp3 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6729-3
April 29, 2024
apache2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6718-3
April 29, 2024
curl vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6737-2
April 29, 2024
glibc vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
==
Ubuntu Security Notice USN-6734-2
April 29, 2024
libvirt vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6733-2
April 29, 2024
gnutls28 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
ACK on the debdiffs. Uploaded for processing by the SRU team. Thanks!
** Changed in: openscap (Ubuntu Focal)
Status: New => In Progress
** Changed in: openscap (Ubuntu Jammy)
Status: New => In Progress
--
==
Ubuntu Security Notice USN-6752-1
April 25, 2024
freerdp2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6749-1
April 24, 2024
freerdp2 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
The regression fix has now been published:
https://ubuntu.com/security/notices/USN-6728-3
--
https://bugs.launchpad.net/bugs/2060880
Title:
squid crashes after update to
==
Ubuntu Security Notice USN-6728-3
April 23, 2024
squid vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
That is pretty odd, I can't reproduce this issue on jammy.
What's the output of "ldd /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37"?
--
https://bugs.launchpad.net/bugs/2062916
Title:
Thanks for testing it, it's much appreciated!
--
https://bugs.launchpad.net/bugs/2060880
Title:
squid crashes after update to 4.10-1ubuntu1.10
I have located the issue and have prepared an updated package that will
reintroduce the fixes for CVE-2023-5824. I have uploaded the updated
package to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Once it has finished building, could
==
Ubuntu Security Notice USN-6737-1
April 18, 2024
glibc vulnerability
==
A security issue affects these releases of Ubuntu and its derivatives:
-
That's good to see!
Since this is a deliberate side-effect of the security change, I am
marking this bug as "invalid". Thanks
** Changed in: apache2 (Ubuntu)
Status: New => Invalid
--
I think this is actually the correct new behaviour for the security
update...could you please try using ap_trust_cgilike_cl as instructed
here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=68872
** Bug watch added: bz.apache.org/bugzilla/ #68872
Thanks for testing, I'll keep digging...
--
https://bugs.launchpad.net/bugs/2061816
Title:
apache2 2.4.41-4ubuntu3.17 defaults to transfer-encoding=chunked where
this is undesired
I have uploaded a package with a possible fix to the security team PPA
here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Once it's finished building, could you please give it a try and see if
it solves the issue for you? If so, I will publish it as a security
I believe I've spotted the regression and will have a package to test
soon.
--
https://bugs.launchpad.net/bugs/2061816
Title:
apache2 2.4.41-4ubuntu3.17 defaults to
Thanks for filing this bug, I'll investigate the changes and will report
back.
Have you seen this behaviour on anything other than focal?
** Changed in: apache2 (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Information type changed from Public to Public Secur
==
Ubuntu Security Notice USN-6733-1
April 15, 2024
gnutls28 vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
==
Ubuntu Security Notice USN-6732-1
April 15, 2024
webkit2gtk vulnerabilities
==
A security issue affects these releases of Ubuntu and its
==
Ubuntu Security Notice USN-6734-1
April 15, 2024
libvirt vulnerabilities
==
A security issue affects these releases of Ubuntu and its derivatives:
There are packages for focal, jammy, and mantic available for testing in
the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
If they work in your environment, please mention it in this bug. Thanks!
--