How do I report a sensitive security issue?

security

In Ubuntu 10.04 (and perhaps later) there appears to be a serious vulnerability to a brute force dictionary attack on any Apache server that is using MySQL to validate user logins.

This issue means that neither fail2ban nor Apache mod_security detects the attack.

I would prefer not to list the detail here.

Could someone contact me or explain to me how I can report the problem without posting the vulnerability to the whole world?


You'll need to file a bug against the package you're having an issue with. You can use these instructions to report a bug. Once all the data is collected LaunchPad will open a window and you can continue with the bug reporting process.

Alternatively, visit the LaunchPad Ubuntu page (https://bugs.launchpad.net/ubuntu/+source/<PACKAGENAME>) then fill out the details.

Once a summary and duplicate detection have completed, but prior to submitting your report, there will be the following option at the bottom of the page that you will need to select:

enter image description here

Doing so will make this bug hidden and alert the security team.

Related

Nvidia Dual Displays not being detected
Is it possible to install ubuntu-restricted-extras without the MS fonts packages?
Installing Valgrind on a 3.x Kernel
System Configuration and date time missing
Where are the daily builds for Chromium for 12.04?
How can I install Unity in Kubuntu 12.04?
watchdog/0 process using all my CPU suddenly
Need help with Griffin PowerMate USB volume controller - new 64 bit desktop & Ubuntu 12.04
Is there a version of Chrome or Chromium whose bookmarks are visible to the HUD?
What is the difference between virtual terminals and Gnome terminals?
Installation of openjdk 7
What is the Ubuntu Accomplishments project?