touch-packages team mailing list archive

Thread
Date

[Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Ulli Horlacher <framstag@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 05 Aug 2014 15:42:26 -0000
Reply-to: Bug 1352504 <1352504@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

WE, who are subscribed to this bug, know that we have to disable nscd, but
what about all others?
Their (automatic) update mechanism is defunct and they will not get
ANY security updates (including the glibc fix), until they manually stop
nscd! 
This is really a BAD situation!

See also
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1352876

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions

References

[Bug 1352504] [NEW] Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname
From: Alex Vandiver, 2014-08-04