[Bug 2078638] Re: coredumps with Xymon on 24.04

Dave Jones 2078638 at bugs.launchpad.net
Mon Nov 11 14:23:22 UTC 2024


** Description changed:

+ [ Impact ]
+ 
+ On noble/oracular, Xymon crashes almost immediately with detection of a
+ buffer overflow. On jammy, Xymon doesn't crash but is still subject to
+ the buffer overflow (it just doesn't notice because the FORTIFY_SOURCE
+ option is too low to enable that detection).
+ 
+ [ Test Plan ]
+ 
+ For the affected $series, first verify the issue manifests (n.b. this
+ does not apply to jammy which won't show the termination):
+ 
+ * lxc launch ubuntu:$series xymontest
+ * lxc shell xymontest
+ * apt update
+ * apt install xymon w3m (accept defaults)
+ * tail -f /var/log/xymon/rrd-status.log
+ * Note buffer overflow causing termination within a short period of time
+ * w3m http://localhost/xymon
+ * Note no interface is running
+ * exit
+ * lxc stop xymontest
+ * lxc delete xymontest
+ 
+ Verify proposed version fixes the issue:
+ 
+ * lxc launch ubuntu:$series xymontest
+ * lxc shell xymontest
+ * apt update
+ * apt install -t $series-proposed xymon w3m (accept defaults)
+ * tail -f /var/log/xymon/rrd-status.log
+ * Wait several minutes
+ * Note no buffer overflow termination
+ * w3m http://localhost/xymon
+ * Note interface is active; try main view, event log, config report
+ * exit
+ * lxc stop xymontest
+ * lxc delete xymontest
+ 
+ [ Regression Potential ]
+ 
+ The patch is minimal, is present in Debian, and has been forwarded
+ upstream. Given that the symptom (at least in noble onwards) is almost
+ immediately failure of the service, it's hard for it to regress much
+ further there. However, the test plan does include a basic general
+ functionality test to guard against wider regression.
+ 
+ This should also cover the jammy case which doesn't *appear* affected
+ but almost certainly is (it isn't noticing due to the lower
+ FORTIFY_SOURCE value, but we shouldn't leave buffer overflows lying
+ around if we don't have to!).
+ 
+ [ Original Description ]
+ 
  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04.1 LTS
  Release:        24.04
  
  apt-cache policy xymon:
  xymon:
-   Installed: 4.3.30-2build3
-   Candidate: 4.3.30-2build3
-   Version table:
-  *** 4.3.30-2build3 500
-         500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 4.3.30-2build3
+   Candidate: 4.3.30-2build3
+   Version table:
+  *** 4.3.30-2build3 500
+         500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
+         100 /var/lib/dpkg/status
  
- 
- Noticed Xymon server was not reporting disk and memory utilization from clients however client data was showing that information was received.  Found errors in some logfiles:
+ Noticed Xymon server was not reporting disk and memory utilization from
+ clients however client data was showing that information was received.
+ Found errors in some logfiles:
  
  ==> /var/log/xymon/rrd-status.log <==
  2024-09-01 12:34:06.746771 Peer not up, flushing message queue
  2024-09-01 12:34:06.863790 Peer not up, flushing message queue
  2024-09-01 12:34:08.265509 Peer not up, flushing message queue
  2024-09-01 12:34:17.025378 Peer not up, flushing message queue
  2024-09-01 12:34:41.913539 Peer not up, flushing message queue
  2024-09-01 12:34:42.106938 Peer not up, flushing message queue
  2024-09-01 12:34:42.765675 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
  2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe
  
  ==> /var/log/xymon/alert.log <==
  2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:49.327117 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
  2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:06.746753 Peer not up, flushing message queue
  2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:41.913550 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6
  
  ==> /var/log/xymon/clientdata.log <==
  2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:54.362205 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6
  2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:12.013168 Peer not up, flushing message queue
  2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:47.190143 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6
  
  I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4
  (xymon 4.3.30-1build2).  I tried a fresh Ubuntu 24.04 OS install and got
  the same response.
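
Review bot: In the added "Verify proposed version fixes the issue" steps, "apt install -t $series-proposed xymon w3m" follows "apt update" in a freshly launched container, and no step enables the $series-proposed pocket, so apt has no such target release to install from. Add a step before "apt update" that enables -proposed in the container's apt sources.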

** Description changed:

  [ Impact ]
  
  On noble/oracular, Xymon crashes almost immediately with detection of a
  buffer overflow. On jammy, Xymon doesn't crash but is still subject to
  the buffer overflow (it just doesn't notice because the FORTIFY_SOURCE
  option is too low to enable that detection).
  
  [ Test Plan ]
  
  For the affected $series, first verify the issue manifests (n.b. this
  does not apply to jammy which won't show the termination):
  
  * lxc launch ubuntu:$series xymontest
  * lxc shell xymontest
  * apt update
  * apt install xymon w3m (accept defaults)
  * tail -f /var/log/xymon/rrd-status.log
  * Note buffer overflow causing termination within a short period of time
  * w3m http://localhost/xymon
  * Note no interface is running
  * exit
  * lxc stop xymontest
  * lxc delete xymontest
  
- Verify proposed version fixes the issue:
+ Verify proposed version fixes the issue (n.b. this *does* apply to
+ jammy, which should show normal operation still works):
  
  * lxc launch ubuntu:$series xymontest
  * lxc shell xymontest
  * apt update
  * apt install -t $series-proposed xymon w3m (accept defaults)
  * tail -f /var/log/xymon/rrd-status.log
  * Wait several minutes
  * Note no buffer overflow termination
  * w3m http://localhost/xymon
  * Note interface is active; try main view, event log, config report
  * exit
  * lxc stop xymontest
  * lxc delete xymontest
  
  [ Regression Potential ]
  
  The patch is minimal, is present in Debian, and has been forwarded
  upstream. Given that the symptom (at least in noble onwards) is almost
  immediately failure of the service, it's hard for it to regress much
  further there. However, the test plan does include a basic general
  functionality test to guard against wider regression.
  
  This should also cover the jammy case which doesn't *appear* affected
  but almost certainly is (it isn't noticing due to the lower
  FORTIFY_SOURCE value, but we shouldn't leave buffer overflows lying
  around if we don't have to!).
  
  [ Original Description ]
  
  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04.1 LTS
  Release:        24.04
  
  apt-cache policy xymon:
  xymon:
    Installed: 4.3.30-2build3
    Candidate: 4.3.30-2build3
    Version table:
   *** 4.3.30-2build3 500
          500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status
  
  Noticed Xymon server was not reporting disk and memory utilization from
  clients however client data was showing that information was received.
  Found errors in some logfiles:
  
  ==> /var/log/xymon/rrd-status.log <==
  2024-09-01 12:34:06.746771 Peer not up, flushing message queue
  2024-09-01 12:34:06.863790 Peer not up, flushing message queue
  2024-09-01 12:34:08.265509 Peer not up, flushing message queue
  2024-09-01 12:34:17.025378 Peer not up, flushing message queue
  2024-09-01 12:34:41.913539 Peer not up, flushing message queue
  2024-09-01 12:34:42.106938 Peer not up, flushing message queue
  2024-09-01 12:34:42.765675 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
  2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe
  
  ==> /var/log/xymon/alert.log <==
  2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:49.327117 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
  2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:06.746753 Peer not up, flushing message queue
  2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:41.913550 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6
  
  ==> /var/log/xymon/clientdata.log <==
  2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:54.362205 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6
  2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:12.013168 Peer not up, flushing message queue
  2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:47.190143 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6
  
  I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4
  (xymon 4.3.30-1build2).  I tried a fresh Ubuntu 24.04 OS install and got
  the same response.
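
Review bot: The reworded "Verify proposed version fixes the issue" line extends the second step list to jammy, but on jammy that list can only show that normal operation still works. The first list says jammy won't show the termination, so nothing in the plan demonstrates that the overflow itself is gone there. State that limitation in the test plan, or add a jammy-specific check that exercises the overflow detection.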

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2078638

Title:
  coredumps with Xymon on 24.04

Status in xymon package in Ubuntu:
  Fix Released
Status in xymon source package in Jammy:
  Triaged
Status in xymon source package in Noble:
  Triaged
Status in xymon source package in Oracular:
  Triaged
Status in xymon source package in Plucky:
  Fix Released

Bug description:
  [ Impact ]

  On noble/oracular, Xymon crashes almost immediately with detection of
  a buffer overflow. On jammy, Xymon doesn't crash but is still subject
  to the buffer overflow (it just doesn't notice because the
  FORTIFY_SOURCE option is too low to enable that detection).

  [ Test Plan ]

  For the affected $series, first verify the issue manifests (n.b. this
  does not apply to jammy which won't show the termination):

  * lxc launch ubuntu:$series xymontest
  * lxc shell xymontest
  * apt update
  * apt install xymon w3m (accept defaults)
  * tail -f /var/log/xymon/rrd-status.log
  * Note buffer overflow causing termination within a short period of time
  * w3m http://localhost/xymon
  * Note no interface is running
  * exit
  * lxc stop xymontest
  * lxc delete xymontest

  Verify proposed version fixes the issue (n.b. this *does* apply to
  jammy, which should show normal operation still works):

  * lxc launch ubuntu:$series xymontest
  * lxc shell xymontest
  * apt update
  * apt install -t $series-proposed xymon w3m (accept defaults)
  * tail -f /var/log/xymon/rrd-status.log
  * Wait several minutes
  * Note no buffer overflow termination
  * w3m http://localhost/xymon
  * Note interface is active; try main view, event log, config report
  * exit
  * lxc stop xymontest
  * lxc delete xymontest

  [ Regression Potential ]

  The patch is minimal, is present in Debian, and has been forwarded
  upstream. Given that the symptom (at least in noble onwards) is almost
  immediate failure of the service, it's hard for it to regress much
  further there. However, the test plan does include a basic general
  functionality test to guard against wider regression.

  This should also cover the jammy case which doesn't *appear* affected
  but almost certainly is (it isn't noticing due to the lower
  FORTIFY_SOURCE value, but we shouldn't leave buffer overflows lying
  around if we don't have to!).

  [ Original Description ]

  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04.1 LTS
  Release:        24.04

  apt-cache policy xymon:
  xymon:
    Installed: 4.3.30-2build3
    Candidate: 4.3.30-2build3
    Version table:
   *** 4.3.30-2build3 500
          500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  Noticed Xymon server was not reporting disk and memory utilization
  from clients however client data was showing that information was
  received.  Found errors in some logfiles:

  ==> /var/log/xymon/rrd-status.log <==
  2024-09-01 12:34:06.746771 Peer not up, flushing message queue
  2024-09-01 12:34:06.863790 Peer not up, flushing message queue
  2024-09-01 12:34:08.265509 Peer not up, flushing message queue
  2024-09-01 12:34:17.025378 Peer not up, flushing message queue
  2024-09-01 12:34:41.913539 Peer not up, flushing message queue
  2024-09-01 12:34:42.106938 Peer not up, flushing message queue
  2024-09-01 12:34:42.765675 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
  2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe

  ==> /var/log/xymon/alert.log <==
  2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:49.327117 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
  2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:06.746753 Peer not up, flushing message queue
  2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:41.913550 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6

  ==> /var/log/xymon/clientdata.log <==
  2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:54.362205 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6
  2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:12.013168 Peer not up, flushing message queue
  2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:47.190143 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6

  I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4
  (xymon 4.3.30-1build2).  I tried a fresh Ubuntu 24.04 OS install and
  got the same response.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/2078638/+subscriptions
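
The "Note buffer overflow causing termination" and "Note no buffer overflow termination" steps of the test plan can be checked mechanically. The script below is an added example, not part of the bug report or of Xymon; the function names are hypothetical, and the sample log is constructed in the format of the rrd-status.log excerpt (the second crash entry and its PID are made up).

```shell
#!/bin/sh
# Added example: find glibc fortify aborts in Xymon worker logs.

# Print "<date> <time> <pid>" for each child terminated after the marker.
# Reads the named log files, or stdin when no file is given.
xymon_fortify_crashes() {
    awk '
        # glibc writes this marker to stderr just before it aborts the process
        index($0, "*** buffer overflow detected ***") { armed = 1; next }
        # the Xymon parent then logs the child death; SIGABRT is signal 6
        armed && /Child process [0-9]+ died:/ {
            if ($(NF - 1) == "Signal" && $NF == "6") print $1, $2, $5
            armed = 0
        }
    ' "$@"
}

# Exit status 0 when no fortify crash is present, 1 otherwise.
xymon_log_clean() {
    crashes=$(xymon_fortify_crashes "$@")
    [ -z "$crashes" ]
}

# Constructed sample: a log from an affected install.
sample_crashing_log() {
    cat <<'EOF'
2024-09-01 12:34:42.106938 Peer not up, flushing message queue
*** buffer overflow detected ***: terminated
2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe
2024-09-01 12:35:40.000000 Peer not up, flushing message queue
*** buffer overflow detected ***: terminated
2024-09-01 12:35:44.000000 Child process 164300 died: Signal 6
EOF
}

# Constructed sample: a log with no terminations.
sample_clean_log() {
    cat <<'EOF'
2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
2024-09-01 12:33:49.327117 Peer not up, flushing message queue
EOF
}

# Demo: list the crashes found in the constructed sample.
sample_crashing_log | xymon_fortify_crashes
```

Inside the test container, after waiting several minutes, run xymon_log_clean /var/log/xymon/rrd-status.log in place of watching the tail output by eye.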



