2013-07-24 14:21:03 |
James C. West |
bug |
|
|
added bug |
2013-07-24 21:19:32 |
Serge Hallyn |
nis (Ubuntu): importance |
Undecided |
High |
|
2013-07-25 15:41:29 |
Launchpad Janitor |
nis (Ubuntu): status |
New |
Confirmed |
|
2014-01-31 17:47:41 |
Vangelis Mavromichalis |
nis (Ubuntu): assignee |
|
Vangelis Mavromichalis (ekmavr) |
|
2014-02-12 21:11:23 |
Vangelis Mavromichalis |
nis (Ubuntu): assignee |
Vangelis Mavromichalis (ekmavr) |
|
|
2014-04-23 21:56:12 |
Philip |
bug |
|
|
added subscriber Philip |
2014-04-23 22:20:30 |
Philip |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721737 |
|
2015-02-16 07:22:38 |
AG |
bug |
|
|
added subscriber AG |
2015-03-23 13:33:19 |
Bohr |
bug |
|
|
added subscriber Bohr |
2015-08-31 17:34:38 |
Gabriel A. Devenyi |
bug task added |
|
nis |
|
2015-08-31 17:34:57 |
Gabriel A. Devenyi |
bug |
|
|
added subscriber Gabriel Devenyi |
2015-09-01 00:56:59 |
Bug Watch Updater |
nis: status |
Unknown |
Fix Released |
|
2015-09-01 09:52:10 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Server Team |
2015-09-01 09:52:16 |
Robie Basak |
tags |
amd64 apport-bug raring |
amd64 apport-bug bitesize raring |
|
2015-09-01 10:10:27 |
Robie Basak |
bug task added |
|
nis (Debian) |
|
2015-09-01 10:13:02 |
William Grant |
bug task deleted |
nis |
|
|
2015-09-01 11:08:18 |
Robie Basak |
tags |
amd64 apport-bug bitesize raring |
amd64 apport-bug bitesize raring server-next |
|
2015-09-02 01:19:18 |
Bug Watch Updater |
nis (Debian): status |
Unknown |
Fix Released |
|
2015-11-03 14:19:05 |
Christian Ehrhardt |
nis (Ubuntu): assignee |
|
ChristianEhrhardt (paelzer) |
|
2015-11-03 14:19:31 |
Christian Ehrhardt |
nis (Ubuntu): status |
Confirmed |
In Progress |
|
2015-12-02 19:10:20 |
Launchpad Janitor |
nis (Ubuntu): status |
In Progress |
Fix Released |
|
2016-01-29 14:09:33 |
Micha Ober |
bug |
|
|
added subscriber Micha Ober |
2016-03-23 12:33:17 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Trusty |
|
2016-03-23 12:33:17 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Wily |
|
2016-03-23 12:44:17 |
Christian Ehrhardt |
attachment added |
|
Debdiff for Trusty https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+attachment/4608491/+files/bug-1204530-SRU-nis_3.17-32ubuntu6-to-nis_3.17-32ubuntu7.debdiff |
|
2016-03-23 12:44:46 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-06-23 14:26:06 |
Robie Basak |
bug task added |
|
nis (Ubuntu Trusty) |
|
2016-06-23 14:26:50 |
Christian Ehrhardt |
description |
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package nis a number of times and reinstalled and still get the same behavior. I've also removed a slave server from the network and reconfigured nis and still get the same behavior.
I thought about listing this as a security vulnerability since the users cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago) |
[Impact]
* The bug is a segfault on yppasswd rendering users unable to change their passwords
* justification for the SRU is the continued request by users and the fact that it is a very minimal change
* the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized
[Test Case]
* install nis
* Config in /etc/default/nis: NISSERVER=master
* Config in /etc/yp.conf: ypserver 127.0.0.1
* Initialize with
$ sudo /usr/lib/yp/ypinit -m
$ restart rpcbind
* Test if your config works
$ ypcat passwd
should show something like
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
* Trigger the bug
$ yppasswd -p ubuntu
Changing NIS account information for ubuntu on wily.localdomain.
Please enter root password:
Changing NIS password for ubuntu on wily.localdomain.
Please enter new password:
Segmentation fault (core dumped)
[Regression Potential]
* While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
* The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local
[Other Info]
* I really want to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.
* I wanted to nominate to be able to keep tracking Wily as Fix Released and Trusty as pending but that doesn't seem to work.
It would be great if the Sponsor with the proper permissions could also set the proper "Affects" status for those two releases
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package nis a number of times and reinstalled and still get the same behavior. I've also removed a slave server from the network and reconfigured nis and still get the same behavior.
I thought about listing this as a security vulnerability since the users cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago) |
|
2016-06-23 14:27:50 |
Christian Ehrhardt |
nis (Ubuntu Trusty): assignee |
|
ChristianEhrhardt (paelzer) |
|
2016-06-23 14:27:53 |
Christian Ehrhardt |
nis (Ubuntu Trusty): status |
New |
Triaged |
|
2016-06-23 14:27:55 |
Christian Ehrhardt |
nis (Ubuntu Trusty): importance |
Undecided |
High |
|
2016-06-23 14:30:39 |
Christian Ehrhardt |
description |
[Impact]
* The bug is a segfault on yppasswd rendering users unable to change their passwords
* justification for the SRU is the continued request by users and the fact that it is a very minimal change
* the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized
[Test Case]
* install nis
* Config in /etc/default/nis: NISSERVER=master
* Config in /etc/yp.conf: ypserver 127.0.0.1
* Initialize with
$ sudo /usr/lib/yp/ypinit -m
$ restart rpcbind
* Test if your config works
$ ypcat passwd
should show something like
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
* Trigger the bug
$ yppasswd -p ubuntu
Changing NIS account information for ubuntu on wily.localdomain.
Please enter root password:
Changing NIS password for ubuntu on wily.localdomain.
Please enter new password:
Segmentation fault (core dumped)
[Regression Potential]
* While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
* The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local
[Other Info]
* I really want to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.
* I wanted to nominate to be able to keep tracking Wily as Fix Released and Trusty as pending but that doesn't seem to work.
It would be great if the Sponsor with the proper permissions could also set the proper "Affects" status for those two releases
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package nis a number of times and reinstalled and still get the same behavior. I've also removed a slave server from the network and reconfigured nis and still get the same behavior.
I thought about listing this as a security vulnerability since the users cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago) |
[Impact]
* The bug is a segfault on yppasswd rendering users unable to change their passwords
* justification for the SRU is the continued request by users and the fact that it is a very minimal change
* the fix ensures that a lib accessing data unconditionally only gets called if the values are properly initialized
[Test Case]
* install nis
* Config in /etc/default/nis: NISSERVER=master
* Config in /etc/yp.conf: ypserver 127.0.0.1
* Initialize with
$ sudo /usr/lib/yp/ypinit -m
$ restart rpcbind
* Test if your config works
$ ypcat passwd
should show something like
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
* Trigger the bug
$ yppasswd -p ubuntu
Changing NIS account information for ubuntu on wily.localdomain.
Please enter root password:
Changing NIS password for ubuntu on wily.localdomain.
Please enter new password:
Segmentation fault (core dumped)
[Regression Potential]
* While it is assumed to not regress, if it does it is affected to break yppasswd even more (and while more than a segfault is hard to imagine I mean it might even break for those people that today got around it by some complex and weird workarounds.)
* The code is only local to the tool yppasswd and it is not part of a lib or so, so the impact - if any - should stay local
[Other Info]
* I really would like to encourage the users reporting it being important to them testing it once in proposed to have more than just my tests.
Sample output from a client (output is identical if run on the server):
$ yppasswd
Changing NIS account information for <user> on <server>.
Please enter old password:
Changing NIS password for <user> on <server>.
Please enter new password:
Segmentation fault (core dumped)
$
This setup worked fine with the 12.04 LTS release. I've purged package nis a number of times and reinstalled and still get the same behavior. I've also removed a slave server from the network and reconfigured nis and still get the same behavior.
I thought about listing this as a security vulnerability since the users cannot change their passwords.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: nis 3.17-32ubuntu5
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Wed Jul 24 09:07:09 2013
InstallationDate: Installed on 2010-05-24 (1156 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
SourcePackage: nis
UpgradeStatus: Upgraded to raring on 2013-05-19 (65 days ago) |
|
2016-06-23 14:33:06 |
Christian Ehrhardt |
attachment added |
|
SRU Debdiff for Trusty https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+attachment/4689136/+files/bug-1204530-SRU-nis_3.17-32ubuntu6-to-nis_3.17-32ubuntu6.1.debdiff |
|
2016-06-23 14:34:52 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2016-06-23 14:35:25 |
Christian Ehrhardt |
attachment removed |
Debdiff for Trusty https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1204530/+attachment/4608491/+files/bug-1204530-SRU-nis_3.17-32ubuntu6-to-nis_3.17-32ubuntu7.debdiff |
|
|
2016-06-27 07:10:24 |
Christian Ehrhardt |
bug |
|
|
added subscriber ChristianEhrhardt |
2016-06-27 13:52:14 |
Robie Basak |
nis (Ubuntu Trusty): status |
Triaged |
In Progress |
|
2016-06-27 13:52:17 |
Robie Basak |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2016-06-29 13:24:27 |
Chris J Arges |
nis (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2016-06-29 13:24:32 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
2016-06-29 13:24:39 |
Chris J Arges |
tags |
amd64 apport-bug bitesize raring server-next |
amd64 apport-bug bitesize raring server-next verification-needed |
|
2016-07-06 06:22:12 |
Christian Ehrhardt |
tags |
amd64 apport-bug bitesize raring server-next verification-needed |
amd64 apport-bug bitesize raring server-next verification-done |
|
2016-07-12 06:34:36 |
Martin Pitt |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2016-07-12 06:38:28 |
Launchpad Janitor |
nis (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|