2011-10-19-xorg-server-security-update-breaks-glx
2910
Comment:
|
2910
|
Deletions are marked like this. | Additions are marked like this. |
Line 27: | Line 27: |
* 12:32: !regression-alert announced in #ubuntu-devel | * 17:32: !regression-alert announced in #ubuntu-devel |
Owner: Marc Deslauriers
Intro
This template is used to track events during a crisis or potential crisis. The goal is not to analyse the entire event, but rather to provide whiteboard-style communications with the key people involved in the reaction plan. If you are not directly involved, do not speculate on pages of this type.
Incident Description
Crisis Response Team
- Marc Deslauriers (security)
- Jamie Strandboge (security, archive)
- Steve Beattie (security)
- tiaz (IS)
- elmo (IS)
Events
All times are in UTC. <Build a chronological list of events as they unfold.>
Oct 18 16:25: http://www.ubuntu.com/usn/usn-1232-1/ published and mdeslaur begins monitoring xorg-server bugs for any regressions
Oct 19 05:11: https://launchpad.net/bugs/877905 filed against the wrong package (xorg, instead of xorg-server). Reported only against Ubuntu 10.04 LTS
- 17:04: mdeslaur notices bug and begins investigating
- 17:19: mdeslaur escalates to manager (jdstrand)
- 17:24: jdstrand informs canonical-support and platform-managers
- 17:32: !regression-alert announced in #ubuntu-devel
- 17:33: skaet acks
- 17:33: inform IS of problem
- 17:37: tiaz responds to 1) block updates from internal machine, 2) rm the files on the mirror master and trigger an update to all other mirrors
- 17:38: incident report started
17:40: elmo informs DealingWithCrisis is incorrect for package of this importance
- 18:10: jdstrand updates bug for notification and provides workaround
- 18:15: tiaz finishes IS tasks (external mirrors have been triggered, but propagation will take longer)
- 18:22: mdeslaur confirms Ubuntu 10.04 LTS is affected
- 18:22: mdeslaur compiles package reverting the patch believed to cause the issue
- 18:29: mdeslaur confirms reverting patch fixes the issue and proceeds to upload packages for 10.04 LTS to the security PPA
- 18:42: sbeattie confirms that Ubuntu 10.10 is not affected
- 19:03: security PPA finishes building i386 and am64, mdeslaur downloads for testing
Successes
<Identify positive things that happened. What went right in the course of our response?>
Problems
<Identify problems with the events. What went wrong in the course of our response?>
https://wiki.canonical.com/UbuntuEngineering/DealingWithCrisis documents archive admin procedures which are were inappropriate for this update. This should be updated
- bug filed against the wrong source package which resulted in issue not being caught sooner
- while the xorg-server updates were performed on real hardware for all releases, this was on an nvidia chip which used nvidia-glx, which was not affected
Recommendations
<Suggest changes to process to minimize problems in the future. These should correspond to the problems identified above.>
IncidentReports/2011-10-19-xorg-server-security-update-breaks-glx (last edited 2011-10-24 14:59:52 by jdstrand)