This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.7
---
ntp (1:4.2.6.p3+dfsg-1ubuntu3.7) precise; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6
---
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in nt
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu6.3
---
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c (
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after dropping root
To
** Tags removed: verification-done
** Tags added: verification-done-trusty verification-needed
** Tags removed: verification-needed
** Tags added: verification-done
I've been using the -proposed package on 15 Trusty machines since it was
published. Again, I never was able to reproduce the original problem but
I saw no regression either.
Hello Eric, or anyone else affected,
Accepted ntp into vivid-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
Hello Eric, or anyone else affected,
Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.6
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
sponsored to precise/trusty/vivid (though I'm unsure vivid is useful
since it's not the current stable)
** Tags added: sts
Here is the rebase debdiff for Vivid
** Patch added: "Rebase Vivid debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508498/+files/lp1481388_rebase_vivid.debdiff
Here is the rebase debdiff for Precise
** Patch added: "Rebase Precise debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508496/+files/lp1481388_rebase_precise.debdiff
Here is the rebase debdiff for Trusty
** Patch added: "Rebase Trusty debdiff"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508494/+files/lp1481388_rebase_trusty.debdiff
** Patch removed: "debdiff for precise"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff
** Patch removed: "debdiff for trusty"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4453392/+files/l
Hi Mathew,
I have the knowledge of the code, I will rebase the debdiffs for V/T/P
Note: I checked and Xenial has the patch already.
I think it is probably necessary to rebase the debdiffs on the new
versions in case there are any conflicts. There were a lot of changes as
you can see here http://www.ubuntu.com/usn/usn-2783-1/ .
I don't have direct knowledge of the code though.
Good evening Mathew,
Does it mean I need to re-do the debdiffs ?
This SRU has been shadowed by a security update and needs to be
re-merged.
** Changed in: ntp (Ubuntu Precise)
Status: Fix Committed => In Progress
** Changed in: ntp (Ubuntu Trusty)
Status: Fix Committed => In Progress
** Changed in: ntp (Ubuntu Vivid)
Status: Fix Committe
Good evening Chris,
This bug has been brought to my attention by someone in the community.
Unfortunately, I never had a confirmation from him if the fix solves his
issue or not... but as stated in comment #5 & #11, I've been able to
reproduce the problem and make sure it addressed the situation.
Th
Has anyone who was able to reproduce the original crash tested the
packages from trusty-proposed (or precise or vivid) to check that the
crash is actually fixed?
It's good that it doesn't seem to regress anything, but we also want to
know whether it *fixes* anything :)
** Tags removed: verification-needed
** Tags added: verification-done
Eric, I've been running the proposed version on many systems and haven't
found any regression. Do you think this would be ready to move on to
-updates now?
Eric, I don't know if that's a good test case but on my patched Trusty
box:
root@xeon:~# uname -a
Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
root@xeon:~# sysctl net.core.wmem_max=4650
net.core.wmem_max = 4700
root@xeon:~# sys
Simon, you may want to add a few ethernet interfaces and static routes.
I was able to reproduce it with ~6 network interfaces.
Err, I meant I couldn't reproduce the issue with and without the patch.
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and
Trusty's *unpatched* version to no avail. On the up side, I couldn't
find any regression with the update version.
** Changed in: ntp (Debian)
Status: Unknown => Fix Released
** Branch linked: lp:ubuntu/vivid-proposed/ntp
** Branch linked: lp:ubuntu/precise-proposed/ntp
** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/ntp/trusty-proposed
Hello Eric, or anyone else affected,
Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Launchpad has imported 8 comments from the remote bug at
http://bugs.ntp.org/show_bug.cgi?id=2224.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad
** Branch linked: lp:ubuntu/ntp
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu7
---
ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium
* Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/use-after-free-in-routing-socket.patch
fix logic in ntpd/ntp_io.c
* Fix to
ACK on the debdiffs, thanks!
I've slightly modified the whitespace in the changelog and have added
the bug number, and have uploaded it to wily, and to the other releases
for processing by the SRU team.
** Tags removed: verification-done
** Changed in: ntp (Ubuntu Wily)
Status: In Progre
** Bug watch added: Debian Bug tracker #795315
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
** Also affects: ntp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
Importance: Unknown
Status: Unknown
** Bug watch added: bugs.ntp.org/ #2224
http://bu
** Changed in: ntp (Ubuntu Wily)
Importance: Low => Medium
debdiff for wily
** Patch added: "debdiff for wily"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456187/+files/lp1481388_wily.debdiff
** Changed in: ntp (Ubuntu Wily)
Status: Confirmed => In Progress
debdiff for vivid
** Patch added: "debdiff for vivid"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff
** Patch removed: "debdiff for Vivid"
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
debdiff for Vivid
** Patch added: "debdiff for Vivid"
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
** Changed in: ntp (Ubuntu Vivid)
Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu Vivid)
Importanc
debdiff for trusty
** Patch added: "1:4.2.6.p5+dfsg-3ubuntu2.14.04.4"
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff
** Changed in: ntp (Ubuntu Trusty)
Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu T
I also noticed the situation can be reproduced at boot if the value of
"net.core.rmem_default" is too low.
I reproduced it by only lowering the "net.core.rmem_default = 2000"
value with 6 network interfaces at boot.
ntpd[851]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
nt
The attachment "debdiff for precise" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and i
debdiff for precise
debdiff for precise
** Description changed:
+ [Impact]
+
+ * User experienced repeated segfaults at the same instruction pointer
+
+ i/o error on routing socket No buffer space available - disabling
+ segfault at 31 ip 0031 sp 79f11788 error 14 in
libpthread-2.15.so[7f967
debdiff for precise
** Patch added: "debdiff for precise"
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff
debdiff for precise
** Changed in: ntp (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: ntp (Ubuntu Vivid)
Status: New => Confirmed
** Changed in: ntp (Ubuntu Precise)
Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Vivid)
Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Precise)
Status: New => Confirmed
** Also affects: ntp (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: ntp (Ubuntu Precise)
Importance: Undecided
Status: New
I was able to reproduce the problem on PRECISE (12.04) by lowering the
kernel parameter value "net.core.rmem_max".
And then test my .deb build on my PPA[1] with the following upstream
commits :
- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ig
Unfortunately, I can't reproduce the behaviour on my side.
I'm providing a hotfix[1] based on the upstream commit[2] that addressed the
issue.
If you can reproduce the problem, please test the hotfix and provide
feedback.
[1] https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388/+p
** Changed in: ntp (Ubuntu Trusty)
Assignee: (unassigned) => eric.desrochers (eric-desrochers-z)
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ntp (Ubuntu Trusty)
Status: New => Confirmed
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ntp (Ubuntu)
Status: New => Confirmed
** Information type changed from Private to Public
** Also affects: ntp (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: ntp (Ubuntu Wily)
Importance: Low
Assignee: eric.desrochers (eric-desrochers-z)
Status: New
** Changed in: ntp (Ubuntu)
Milestone: ubuntu-12.04.5 => trusty-updates
** Changed in: ntp (Ubuntu)
Milestone: trusty-updates => None
The remove_ and delete_ functions remove the current element from the
asyncio_reader_list, and free it, respectively.
We then return back to the loop at the top, wherein the asyncio_reader variable
still points at the now-freed element,
whose contents are now scrambled by having link pointers, et
** Changed in: ntp (Ubuntu)
Importance: Undecided => Low
** Changed in: ntp (Ubuntu)
Milestone: None => ubuntu-12.04.5