| 2019-11-04 16:49:46 |
Romain Naour |
bug |
|
|
added bug |
| 2019-11-04 16:52:06 |
Romain Naour |
tags |
|
glibc |
|
| 2019-11-04 16:53:41 |
Romain Naour |
bug |
|
|
added subscriber Adam Conrad |
| 2019-11-04 16:55:11 |
Romain Naour |
bug |
|
|
added subscriber Aurelien Jarno |
| 2019-11-04 16:55:45 |
Romain Naour |
bug |
|
|
added subscriber Helmut Grohne |
| 2019-11-04 16:56:42 |
Romain Naour |
bug |
|
|
added subscriber Florian Weimer |
| 2019-11-04 16:59:28 |
Aurelien Jarno |
removed subscriber Aurelien Jarno |
|
|
|
| 2019-11-04 17:15:09 |
Helmut Grohne |
removed subscriber Helmut Grohne |
|
|
|
| 2019-11-06 18:59:54 |
Loïc Minier |
bug |
|
|
added subscriber Loïc Minier |
| 2019-12-02 11:20:37 |
Launchpad Janitor |
glibc (Ubuntu): status |
New |
Confirmed |
|
| 2020-02-03 12:14:47 |
s10 |
bug |
|
|
added subscriber s10 |
| 2020-09-09 20:50:03 |
Balint Reczey |
description |
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2020-09-10 23:04:26 |
Steve Langasek |
glibc (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2020-09-10 23:04:28 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-09-10 23:04:30 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2020-09-10 23:04:35 |
Steve Langasek |
tags |
glibc |
glibc verification-needed verification-needed-bionic |
|
| 2020-09-11 11:17:06 |
Balint Reczey |
description |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2020-10-21 17:00:38 |
Balint Reczey |
tags |
glibc verification-needed verification-needed-bionic |
glibc verification-done-bionic verification-needed |
|
| 2020-10-21 17:00:44 |
Balint Reczey |
tags |
glibc verification-done-bionic verification-needed |
glibc verification-done verification-done-bionic |
|
| 2020-10-22 11:16:23 |
Balint Reczey |
tags |
glibc verification-done verification-done-bionic |
block-proposed glibc verification-done verification-done-bionic |
|
| 2020-10-26 12:02:07 |
Łukasz Zemczak |
tags |
block-proposed glibc verification-done verification-done-bionic |
block-proposed-bionic glibc verification-done verification-done-bionic |
|
| 2020-11-02 18:30:06 |
Łukasz Zemczak |
tags |
block-proposed-bionic glibc verification-done verification-done-bionic |
glibc verification-done verification-done-bionic |
|
| 2020-11-02 18:30:41 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2020-11-02 18:40:35 |
Launchpad Janitor |
glibc (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-11-02 18:40:35 |
Launchpad Janitor |
cve linked |
|
2017-18269 |
|
| 2020-11-06 15:41:20 |
Balint Reczey |
description |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp: #1902832.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2020-11-06 15:41:38 |
Balint Reczey |
description |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp: #1902832.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp:
LP: #1902832.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2020-11-25 17:18:00 |
Balint Reczey |
description |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp:
LP: #1902832.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp:
LP: #1902832.
The update caused a regression originally observed with GLibc 2.28 in 18.10 and later releases: #1821677.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2020-11-30 16:04:34 |
Balint Reczey |
description |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp:
LP: #1902832.
The update caused a regression originally observed with GLibc 2.28 in 18.10 and later releases: #1821677.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
[Impact]
* Ubuntu 18.04 is missing various stability and performance fixes that have been added to upstream's 2.27 branch. The accumulated changes are known to fix various issues already reported to Launchpad.
[Test Case]
* Observe that debian/patches/git-updates-2.diff contains the missing upstream commits intended to be backported.
* Observe the patch being applied at build time.
* All triggered autopkgtests were run in the Bileto PPA before the SRU upload took place and no reggressions were found.
* Several issues fixed in git-updates-2.diff were reported on Launchpad and the ones having reproducers were and will be verified separately.
[Regression Potential]
* Any form of regression is possible including hangs, live locks and crashes due to the broad range of fixes to be backported. In addition to the standard autopkgtests it is recommended to keep the packages in bionic-proposed longer and call for testing on additional public channels, such as on the ubuntu-devel mailing list.
The update seem to have triggered an existing, but hiding bug in lftp:
LP: #1902832.
The update caused a regression originally observed with GLibc 2.28 in 18.10 and later releases: LP: #1821677.
[Original Bug Text]
Hi,
I updated from ubuntu 14.04 to 18.04 and installed a custom (old) application.
When starting the application it stop immediately with this error message:
"glibc detected an invalid stdio handle"
This error message was added by commit [1] "libio: Implement vtable verification [BZ #20191]" to fix a security issue [2].
I tested with several Linux distribution (so different libc version) and the application is working fine with Fedora 30 (Glibc 2.29).
There is an interesting patch [3] from Glibc 2.28 which was backported to Glibc 2.27 [4] "libio: Disable vtable validation in case of interposition [BZ #23313]"
But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
Here is the Glibc version used in 18.04:
$ dpkg -s libc6
[...]
Version: 2.27-3ubuntu1
Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but there is a lot of fix from upstream Glibc 2.27 stable branch. The one I'm looking for was merged the 07-2018.
It would be great if Ubuntu 18.04 can update Glibc to the latest stable version.
Best regards,
Romain
[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
[2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
[4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0 |
|
| 2021-02-02 16:32:59 |
Balint Reczey |
glibc (Ubuntu): status |
Confirmed |
Fix Released |
|
