Security upgrade causes loss of wallet

Bug #1769187 reported by Hynek Vychodil
This bug affects 5 people
Affects: kwallet-pam (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Security upgrade
[UPGRADE] libpam-kwallet-common:amd64 4:5.10.5-0ubuntu1 -> 4:5.10.5-0ubuntu1.1
[UPGRADE] libpam-kwallet5:amd64 4:5.10.5-0ubuntu1 -> 4:5.10.5-0ubuntu1.1
Caused a crash of the Plasma desktop (it means the kwindow decoration disappeared, panels became inactive, the task manager became inactive - clicking on the task bar does nothing, the start menu is inactive ...)
After a restart, the kwallet open dialog doesn't appear.
Wifi doesn't connect (because there is nowhere to get the password from, of course).
KWallet Manager, when started by the application launcher (Alt+F2), doesn't show my wallet.
Google Chrome doesn't log in to my account.
And so on.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: libpam-kwallet5 4:5.10.5-0ubuntu1.1
ProcVersionSignature: Ubuntu 4.13.0-39.44-generic 4.13.16
Uname: Linux 4.13.0-39-generic x86_64
ApportVersion: 2.20.7-0ubuntu3.8
Architecture: amd64
Date: Fri May 4 17:20:35 2018
InstallationDate: Installed on 2017-11-09 (176 days ago)
InstallationMedia: Kubuntu 17.10 "Artful Aardvark" - Release amd64 (20171017.1)
SourcePackage: kwallet-pam
UpgradeStatus: No upgrade log present (probably fresh install)

Hynek Vychodil (vychodil-hynek) wrote :

As a bonus, KWallet Manager becomes very unresponsive. It takes a second for the interior of KWallet Manager to draw (it starts by showing the content of the windows below where the window appears, and it takes a second for an empty window with only the menu to appear).

Hynek Vychodil (vychodil-hynek) wrote :

All wallets are missing in KWallet system settings.

Hynek Vychodil (vychodil-hynek) wrote :

Fortunately, it is possible to install the older package and everything works as expected.
aptitude install libpam-kwallet5=4:5.10.5-0ubuntu1 libpam-kwallet-common=4:5.10.5-0ubuntu1

Please remove the buggy version from the repository!

Josue (josue-tille) wrote :

Hello,

I have the same issue.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in kwallet-pam (Ubuntu):
status: New → Confirmed
Josue (josue-tille) wrote :

Sorry, it's also on Ubuntu 16.04

Steve Beattie (sbeattie) wrote :

Thanks for the report, and sorry for the regression. I see the original reporter is on 17.10. Can people confirm that they are also seeing this as a result of the corresponding 18.04 and 16.04 updates?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kwallet-pam - 4:5.10.5-0ubuntu1.2

---------------
kwallet-pam (4:5.10.5-0ubuntu1.2) artful-security; urgency=medium

  * REGRESSION UPDATE: revert CVE-2018-10380 fixes in
    4:5.12.4-0ubuntu1.1, as it caused people to lose wallets
    (LP: #1769187)
    - drop fix-CVE-2018-10380-1.patch and fix-CVE-2018-10380-2.patch

 -- Steve Beattie <email address hidden> Fri, 04 May 2018 10:05:36 -0700

Changed in kwallet-pam (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kwallet-pam - 4:5.12.4-0ubuntu1.2

---------------
kwallet-pam (4:5.12.4-0ubuntu1.2) bionic-security; urgency=medium

  * REGRESSION UPDATE: revert CVE-2018-10380 fixes in
    4:5.12.4-0ubuntu1.1, as it caused people to lose wallets
    (LP: #1769187)
    - drop fix-CVE-2018-10380-1.patch and fix-CVE-2018-10380-2.patch

 -- Steve Beattie <email address hidden> Fri, 04 May 2018 09:59:02 -0700

Changed in kwallet-pam (Ubuntu):
status: Confirmed → Fix Released
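
The regression upload above has a higher version than the build that carried the CVE-2018-10380 patches, so a check of the form "installed version is at least the first fixed version" would wrongly count it as patched. The sketch below is an added example, not part of the original thread or of any Ubuntu tooling: it parses the bionic changelog stanza quoted above and records which fixes the upload reverts; `parse_stanza`, `fix_state` and the state labels are hypothetical names.

```python
import re

# Stanza copied from the bionic Launchpad Janitor comment above.
CHANGELOG = """\
kwallet-pam (4:5.12.4-0ubuntu1.2) bionic-security; urgency=medium

  * REGRESSION UPDATE: revert CVE-2018-10380 fixes in
    4:5.12.4-0ubuntu1.1, as it caused people to lose wallets
    (LP: #1769187)
    - drop fix-CVE-2018-10380-1.patch and fix-CVE-2018-10380-2.patch

 -- Steve Beattie <email address hidden> Fri, 04 May 2018 09:59:02 -0700
"""

HEADER = re.compile(
    r"^(?P<source>[a-z0-9][a-z0-9+.-]*) \((?P<version>[^)]+)\) "
    r"(?P<dist>[^;]+); urgency=(?P<urgency>\w+)$"
)

def parse_stanza(text):
    """Parse one Debian changelog stanza, noting any CVE fixes it reverts."""
    lines = text.strip("\n").splitlines()
    match = HEADER.match(lines[0])
    if not match:
        raise ValueError("not a changelog header: %r" % lines[0])
    entry = match.groupdict()
    # Change lines are indented by two or more spaces; join wrapped text.
    body = " ".join(l.strip() for l in lines[1:] if l.startswith("  "))
    entry["lp_bugs"] = re.findall(r"LP: #(\d+)", body)
    entry["dropped_patches"] = re.findall(
        r"[\w.+-]+\.patch", body.partition("drop ")[2])
    revert = re.search(r"revert (.+?) fixes in (\S+?),", body, re.IGNORECASE)
    entry["reverted_cves"] = (
        re.findall(r"CVE-\d{4}-\d+", revert.group(1)) if revert else [])
    entry["regressed_version"] = revert.group(2) if revert else None
    return entry

def fix_state(installed, entry):
    """Classify an installed version against the parsed stanza."""
    if installed == entry["version"] and entry["reverted_cves"]:
        return "fixes-reverted"   # newest build, but the CVE patches are gone
    if installed == entry["regressed_version"]:
        return "fixes-present"    # patched build that caused the wallet loss
    return "unknown"

if __name__ == "__main__":
    e = parse_stanza(CHANGELOG)
    print(e["version"], fix_state(e["version"], e), e["reverted_cves"])
```
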
vip (piotr-budny) wrote :

libpam-kwallet5_5.12.4-0ubuntu1.2_amd64.deb libpam-kwallet4_5.12.4-0ubuntu1.2_amd64.deb libpam-kwallet-common_5.12.4-0ubuntu1.2_all.deb

for Bionic seem fine and fix it.

Michael Skelton (sk3l) wrote :

Bumped into this issue, and I updated with the recently released patch. My wallet is accessible again, and kwallet is back to normal operation. Fix looks good.

Josue (josue-tille) wrote :

Hello,

Will you provide a patch for Ubuntu 16.04 (Xenial)?

Steve Beattie (sbeattie) wrote :

Hi Josue,

I'm not sure why Launchpad didn't report it here, but the problematic patches were reverted for xenial in 4:5.5.5-0ubuntu1.2 (https://launchpad.net/ubuntu/+source/kwallet-pam/4:5.5.5-0ubuntu1.2).

Thanks.

Hynek Vychodil (vychodil-hynek) wrote :

I confirm that an upgrade to 4:5.10.5-0ubuntu1.2 seems to be working fine for me.

[UPGRADE] libpam-kwallet-common:amd64 4:5.10.5-0ubuntu1 -> 4:5.10.5-0ubuntu1.2
[UPGRADE] libpam-kwallet5:amd64 4:5.10.5-0ubuntu1 -> 4:5.10.5-0ubuntu1.2

Distributor ID: Ubuntu
Description: Ubuntu 17.10
Release: 17.10
Codename: artful

Josue (josue-tille) wrote :

Hello,

OK on my side (Ubuntu 16.04). Thank you.
