[Bug 1467606] Re: EVAL Lua Sandbox Escape (CVE-2015-4335 / DSA-3279)
(no longer expired per #3)

** Changed in: redis (Ubuntu)
       Status: Expired => New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1467606

Title:
  EVAL Lua Sandbox Escape (CVE-2015-4335 / DSA-3279)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1467606/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1467606] Re: EVAL Lua Sandbox Escape (CVE-2015-4335 / DSA-3279)
I've attached a debdiff that upgrades the package from 2.8.4, released in Jan 2014, to 2.8.24, which was released in Dec 2015. The most crucial change is the critical fix for the CVE mentioned in this thread, which was introduced in redis 2.8.21. Between 2.8.4 and 2.8.24, 6 updates are marked CRITICAL urgency and 12 updates are marked HIGH urgency.

These versions appear to be compatible except for a minor API modification introduced in 2.8.14:

"* [NEW] **WARNING, minor API change**: PUBSUB NUMSUB: return type modified to integer. (Matt Stancliff)"

Debian has included this change in their stable updates, however.

The dependency on jemalloc was upgraded to jemalloc 3.6.0 as of redis 2.8.12. It is probably wise to sync down jemalloc 3.6.0 from Debian jessie: https://packages.debian.org/source/jessie/jemalloc (I understand this suggestion should be filed as a separate report on the jemalloc launchpad). Currently jemalloc 3.5.1 is in the trusty repos; 3.6.0 claims to provide an important fix for a crasher and should probably be brought down, but doesn't appear to introduce any modifications that would affect redis's functionality.

"make test" runs without issue. All tests pass. I am running the binaries built from this package without issue now.

This upgrade is badly needed. CVE-2015-4335 is being actively exploited in the wild. Please let me know what else is needed to proceed.

** Attachment added: "debdiff redis 2.8.4-2 -> 2.8.24-1"
   https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1467606/+attachment/4784944/+files/redis.debdiff.gz
[Bug 1645939] [NEW] Sync jemalloc-3.6.0-3 from Debian jessie
Public bug reported:

Similar to #1296155, 3.6.0 includes important crash fixes and no other incompatible changes. It's also the version expected by redis 2.8.x since mid-2014.

Syncing down the Debian package (https://packages.debian.org/source/jessie/jemalloc) will not only fix the critical crasher identified in the upstream jemalloc changelog, but also improve compatibility with more recent versions of redis (which will hopefully be merged soon), including a version that includes a critical security fix.

** Affects: jemalloc (Ubuntu)
     Importance: Undecided
         Status: New
[Bug 1645939] Re: Sync jemalloc-3.6.0-3 from Debian jessie
Thanks for the pointers -- I have never requested a package sync before, so it's good to know there is a procedure to reference in the future. I should have been more specific in my original request. I'm asking specifically for 14.04 / Trusty Tahr to be synced up to the version available in jessie. The version currently in Trusty, 3.5.1-2, does *not* include an Ubuntu-specific patchset. As far as I can tell, there is no dependency issue that would allow 14.04 to utilize 3.5.1 but not 3.6.0. As 3.6.0 is available in 16.04+, perhaps that package can be backported to 14.04 instead.
[Bug 1645939] Re: Sync jemalloc-3.6.0-3 from Debian jessie
On further review, it appears from the debdiff that the package uploaded to 15.04 Vivid Vervet would work fine without change in 14.04. I just installed the binary debs from vivid on my 14.04 machine without issue. If we could get that backported to the 14.04 universe repository, that'd be great. Again, 3.6.0 did not introduce any compatibility breakages with 3.5.1. According to the changelog, it just fixes a critical crasher and a few other bugs. The changelog tagline reads "This version contains a critical bug fix for a regression present in 3.5.0 and 3.5.1." 3.6.0 is expected by a version of Redis 2.8 that includes its own critical security fix, and it'd be great if we could get both in 14.04.
[Bug 1467606] Re: EVAL Lua Sandbox Escape (CVE-2015-4335 / DSA-3279)
As a long-time user of both Ubuntu and Debian, I understand that typically, new major upstream versions do not get inserted into stable releases. My personal experience is that microversion bumps are frequently brought into the stable releases, and section 2.3 of the linked page seems to describe the process for that in detail. I believe redis meets at least 3 of the 4 criteria listed on that page (I don't know if the package has an "autopkgtest" component).

The worst incompatibility is that the PUBSUB response was changed from a string to an integer in 2.8.13. I would hope that isn't an excuse to keep trusty on an ancient version; if it presents a problem for upgrading, it would seem best to *revert* that individual patch for API consistency rather than keeping the whole package back on a release with numerous major problems, including active security problems.

Per the page linked, I understand that the stable release team has the final input into whether a package gets microversion bumps (such as this one, 2.8.4 -> 2.8.24). I just want to clarify that I'm aware of the release process and that I believe in this case, the microversion bump is not only justified but needed.
[Bug 943263]
Seeing this here on an Acer Aspire am3470g-uw10p with Radeon HD 6530D. The vga output dies as soon as radeon with KMS is loaded. In process of acquiring HDMI cable to test with HDMI output.

I have tried with 3.3.1 and 3.3.2 and same problem. Using xorg 1.12.1, xf86-video-ati 6.14.4, ati-dri/mesa 8.0.2 on brand new Arch Linux. Also tried Ubuntu 11.10 Live CD and same results. Adding vga=775 radeon.modeset=0 to kernel boot line gives me a usable console interface and Xorg will actually start that way, but Xorg display is highly corrupted with bands of bright green and red lines. Ubuntu 12.04 beta 2 gives same result except that it can successfully start a non-corrupted (but incorrect resolution) Xorg server with the kernel boot line above.

I have an identical snippet in my dmesg as the one posted by Mandeep Baines above.

This bug is marked fixed for Ubuntu in Launchpad ( https://bugs.launchpad.net/ubuntu/+source/linux/+bug/825777 ) but it doesn't work with a fully up-to-date Arch Linux. I haven't had occasion to try the specific Ubuntu kernel build (3.0.0-17.30) cited as resolving the problem (and it seems to be based on one positive result) and I don't seem to see a patch that would be applicable to a mainline kernel.

lspci:
VGA compatible controller: Advanced Micro Devices [AMD] nee ATI BeaverCreek [Radeon HD 6530D]

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/943263

Title:
  PC display will not turn on with Llano APUs connected to the VGA port

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/943263/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 943263]
So it turns out the monitor didn't have an HDMI input. The only way I could get it working without an HDMI-DVI cable was to downgrade to Xorg 1.11 and install Catalyst. I'm looking forward to the arrival of an HDMI-capable monitor at that station so I can test the open-source driver more thoroughly (get some quite annoying crashes with Catalyst).
[Bug 1395182]
Thanks for that Chris. Is there a recent patch I can try that is perhaps less "sketchy and completely broken"?
[Bug 1329940] Re: No keyboard nor mouse after boot, login impossible
I encounter this occasionally on 14.10 and a Thinkpad S1 Yoga. I sometimes have to reboot three times in a row until I get a login that makes my keyboard and/or mouse begin to function. Putting the laptop into sleep and taking it out sometimes seems to work too. The touchscreen always works, so I can log in and run diagnostics with the onboard keyboard if necessary. I also have SSH set up so I can connect from another computer to run diagnostics.

uname -a:
Linux jeff-yoga 3.16.0-25-generic #33-Ubuntu SMP Tue Nov 4 12:06:54 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[Bug 1395182]
I believe FBC is disabled. Here's what I found in /sys:

jeff@jeff-yoga:~$ sudo cat /sys/kernel/debug/dri/0/i915_fbc_status
FBC disabled: disabled per chip default
jeff@jeff-yoga:~$ sudo cat /sys/kernel/debug/dri/64/i915_fbc_status
FBC disabled: disabled per chip default
[Bug 1395182] [NEW] Screen tears on xrandr orientation inverted
Public bug reported:

When xrandr -o inverted is run, the resulting image is split down the middle. This happens 95% of the time; it has worked once or twice without tearing.

Rotation can be activated through unity-control-center Display Settings rotation field, and that reliably works fine.

When xrandr -o normal is run, the display returns to normal (although bug #1376760 is observed). xrandr -o right and xrandr -o left also reliably work without issue; this only occurs on xrandr -o inverted.

The same behaviors are observed with the longer form of the command xrandr --output eDP1 --rotation inverted, etc.

This has also been reported at https://github.com/pfps/yoga-laptop/issues/28, which uses xrandr commands to invert the display.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: xserver-xorg-video-intel 2:2.99.914-1~exp1ubuntu4.1
ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
Uname: Linux 3.16.0-24-generic x86_64
.tmp.unity.support.test.0:
ApportVersion: 2.14.7-0ubuntu8
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Fri Nov 21 15:09:03 2014
DistUpgraded: Fresh install
DistroCodename: utopic
DistroVariant: ubuntu
ExtraDebuggingInterest: Yes
GraphicsCard:
 Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a16] (rev 0b) (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:2217]
InstallationDate: Installed on 2014-11-21 (0 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
MachineType: LENOVO 20CDCTO1WW
ProcEnviron:
 LANGUAGE=en_US
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic.efi.signed root=UUID=d032fffc-748c-4ea7-9e61-3c53648c9e27 ro quiet splash vt.handoff=7
SourcePackage: xserver-xorg-video-intel
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/09/2014
dmi.bios.vendor: LENOVO
dmi.bios.version: B0ET22WW (1.09)
dmi.board.asset.tag: Not Available
dmi.board.name: 20CDCTO1WW
dmi.board.vendor: LENOVO
dmi.board.version: SDK0E50512 Std
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrB0ET22WW(1.09):bd09/09/2014:svnLENOVO:pn20CDCTO1WW:pvrThinkPadS1Yoga:rvnLENOVO:rn20CDCTO1WW:rvrSDK0E50512Std:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 20CDCTO1WW
dmi.product.version: ThinkPad S1 Yoga
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.12+14.10.20140918-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.56-1
version.libgl1-mesa-dri: libgl1-mesa-dri 10.3.0-0ubuntu3
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 10.3.0-0ubuntu3
version.xserver-xorg-core: xserver-xorg-core 2:1.16.0-1ubuntu1
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.9.0-1ubuntu2
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.4.0-2ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.914-1~exp1ubuntu4.1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.11-1ubuntu2
xserver.bootTime: Fri Nov 21 14:47:30 2014
xserver.configfile: default
xserver.errors:
 Wacom ISDv4 EC Pen stylus: Invalid type 'cursor' for this device.
 Wacom ISDv4 EC Pen stylus: Invalid type 'touch' for this device.
 Wacom ISDv4 EC Pen stylus: Invalid type 'pad' for this device.
xserver.logfile: /var/log/Xorg.0.log
xserver.outputs: product id1079 vendor LGD
xserver.version: 2:1.16.0-1ubuntu1

** Affects: xserver-xorg-video-intel (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug compiz-0.9 ubuntu utopic

** Attachment added: "screenshot of tearing effect"
   https://bugs.launchpad.net/bugs/1395182/+attachment/4265292/+files/Screenshot%20from%202014-11-21%2015%3A06%3A51.png
[Bug 1395182] Re: Screen tears on xrandr orientation inverted
** Bug watch added: freedesktop.org Bugzilla #86548
   https://bugs.freedesktop.org/show_bug.cgi?id=86548

** Also affects: xserver-xorg-video-intel via
   https://bugs.freedesktop.org/show_bug.cgi?id=86548
   Importance: Unknown
       Status: Unknown
[Bug 1055678] Re: gnome-shell crashed with signal 5
** Visibility changed to: Public
[Bug 1049887] [NEW] QNativeImage: Unable to attach to shared memory segment.
Public bug reported:

Ubuntu 12.10
3.5.0-14-generic #16-Ubuntu SMP Mon Sep 10 22:05:16 UTC 2012 i686 i686 i686 GNU/Linux
All the latest updates.

On starting the app I receive this:

(python2.7:12955): Gtk-CRITICAL **: IA__gtk_widget_style_get: assertion `GTK_IS_WIDGET (widget)' failed
QNativeImage: Unable to attach to shared memory segment.

Then the windows will just blink and freeze everything till the app is killed.

Let me know if you need anything else.

** Affects: calibre (Ubuntu)
     Importance: Undecided
         Status: New
[Bug 1049887] Re: QNativeImage: Unable to attach to shared memory segment.
Sorry, this is on a fresh install, so it goes through the setup wizard; after the wizard is complete, this happens.
[Bug 843769] Re: evolution not start
Same issue

Package: evolution
Architecture: i386
Versions: 3.1.5-0ubuntu2