1. Home
  2. OS

Subcategories

  • 2 Topics
    2 Posts
    peat_psuwitP
    Vulnerability During the periodic scanning of the local media, gst-hybris gets loaded by Gstreamer, a media framework, to perform HW-accelerated video decoding. gst-hybris expected the rendering element ("sink") to be HW-accelerated as well, but media scanning does not use HW-accelerated rendering. This results in memory corruption, which could potentially be exploited by a specifically-crafted media. Info The pipeline constructing process of Gstreamer is dynamic; it can automatically pick the demuxer, decoder(s), and sink(s) based on the file type, file content, and component's capability. In this case, Gstreamer picks gst-hybris' HW-accelerated decoder as the decoder, but "fakesink" as the sink (as the scanner only wants to know certain metadata). Now, to perform HW-accelerated video rendering, gst-hybris has a dedicated sink which co-operate with the decoder in order to pass decoded video frame without copying the memory. When Gstreamer connects the decoder with the sink, the decoder can access the sink to perform necessary co-ordination. However, the decoder forgot to check if the sink it accesses is the one it can co-operate, which results in the code writing into the memory it's not supposed to access. In order for this to be exploited, the video has to be on the device, which subsequently leads to it being scanned. Video playback in other cases is not affected, as they always use HW-accelerated video rendering. CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') Severity: Medium Affected versions Affected versions: All Ubuntu Touch versions up to and including 20.04 OTA-10, 24.04-1.0. Fixed in versions: Ubuntu Touch 20.04 OTA-11 and 24.04-1.1. Solution Starting in Ubuntu Touch 20.04 OTA-11 and 24.04-1.1, gst-hybris checks the type of the sink before casting to the expected type. Fixed in: https://gitlab.com/ubports/development/core/hybris-support/gst-hybris/-/commit/58bb0e1ba2169bd85ac0930bf074ab865553356f Recommendations Update your device to Ubuntu Touch 20.04 OTA-11, 24.04-1.1 or newer. Do not download videos from untrusted sources. Timeline The issue was discovered on 30 September 2025, during a debugging of another issue. The issue was discovered before the release of Ubuntu Touch 24.04-1.0, but we did not manage to work it through and fix it in time for that release. Ubuntu Touch 20.04 OTA-11 and 24.04-1.1 was released on 1 December 2025, coordinated with the publication of this advisory. Credit Reported-by: Ratchanan Srirattanamet Patched-by: Ratchanan Sirrattanamet

  • This forum is all about the ongoing efforts to upgrade UT to the 20.04 codebase of Ubuntu.

    132 Topics
    954 Posts
    A
    @Moem @Luksus This is good news as this was a good phone with UBPorts
Log in to post
Load new posts
  • WLBIW

    UBports 16.04 on BQ M10 FHD?

    1
    3 Votes
    1 Posts
    1k Views
    No one has replied
  • F

    Nexus 4

    7
    0 Votes
    7 Posts
    3k Views
    H
    @fmulcar I think we are in line, more or less, and the both of us think that the Nexus 4 is a nice device. For myself i try to be patient with a hope that the Nexus 4 still have a future, but in the meanwhile i stay with the Canonical version. However, i think that Nexus 4 should have some priority since it had under the wings of Canonical, being their primary device.
  • V

    Ubuntu team AMA

    3
    2 Votes
    3 Posts
    1k Views
    V
    Well that is great to hear! I'm going to post a couple "deep" questions with a prefix of "Ubuntu AMA:", these will be questions about basic system organization and flow of control. Hope we can start to fill this forum with some answers which will be referred to again and again in the coming years!
  • V

    What controls the LEDs?

    6
    0 Votes
    6 Posts
    2k Views
    V
    Dekko's just an email client, right? New mail notification is a server feature. For me, I have an imap watcher which watches for new mail using the IDLE extension and pushes an XMPP message: https://vsta.org/andy/pickup/xmpp_mail.py and I have a web interface to XMPP so I can read from a browser anywhere: https://github.com/vandys/webXMPP The final part is a daemon running on my phone, and its counterpart on that webXMPP server. When my phone's active, it just does a popup notification with sound. When the phone's off, it also gets the LED's blinking. They turn back off when you unlock the phone. The server remembers the client, and as soon as new messages arrive, it does a notification push. I guess I'm telling you that I don't see how an email client gives you push notifications. The best it can do is try to run in the background and poll an imap account. But Touch SIGSTOP's apps as soon as they lose focus (delta that UI tweak utility) which will fight you, and it's a waste of battery and data anyway. imap IDLE really isn't a great fit for a mobile platform.
  • L

    Voice recognition / commands to UT?

    3
    0 Votes
    3 Posts
    1k Views
    ?
    It seems that there is such a package https://launchpad.net/unity-voice although this stopped being shipped after 15.10. Not sure why In any case I plan to have a look at it at some time.
  • U

    Updates for devices

    update
    11
    0 Votes
    11 Posts
    4k Views
    M
    @UKPhil thanks , yea you right. was a missunderstanding than.
  • V

    Notifications working, UBports is now my daily driver

    2
    4 Votes
    2 Posts
    1k Views
    V
    Update... During my trip, I had to switch back to my old phone due to a bug in the Python3 notification2 library. _closed_callback() was using an "nid" which wasn't in the notifications_registry any more. I coded some defensive logic and logging, and will see what's going on. But with that workaround, I have been able to daily drive my Nexus 5 for the second day now. I'm able to keep real time notifications with one 150 byte packet sent and received every 2.5 minutes. It lives fine behind NAT, and also seems fine with the transition from Wifi to mobile data and back.
  • T

    Problem with magic-device-tool and Nexus 5

    15
    0 Votes
    15 Posts
    4k Views
    T
    @hans1977se Maybe it worked for me, because I used a Raspberry Pi with Ubuntu Mate. I'm not quite sure how the user and sudoers group management works there. I'm pretty sure that by using a "fully prepared" working system, this error does not occur.
  • G

    Ubuntu Touch color theme

    3
    0 Votes
    3 Posts
    2k Views
    M
    Ubuntu/Canonical colors are Ubuntu orange and Canonical aubergine. None of this colors has any role in the latest Canonical designs. None of this colors as well is present in the UI I think apart of Ubuntu logo button and Ubuntu Store icon. It may be present also in some apps that hasn't been updated for a long time. I think that we retain the orange Ubuntu logo and Ubuntu wallpapers as long as the Ubuntu Touch name is kept. If the decision to change it is made or we are forced to do this, then the new branding for the OS should be created, consisting of new name, new logo and colors for it.
  • U

    Localization Software Evaluations

    3
    1 Votes
    3 Posts
    1k Views
    advocatuxA
    @UniSuperBox, last night I was going to post a study [0] OpenSource.com has published yesterday on 18 open source translation tools to localize your project but I saw in the telegram group that weblate is the winner already. I don't have an special predilection for any tool. Anyway here's the link just in case is interesting for someone. [0] https://opensource.com/article/17/6/open-source-localization-tools
  • Emanuele SorceE

    FUSE support (File System in User Space) support?

    5
    0 Votes
    5 Posts
    2k Views
    D
    The issue has been filed, link for reference: https://github.com/ubports/ubports-touch/issues/128
  • U

    Apps & scopes closing down on shut down

    11
    0 Votes
    11 Posts
    3k Views
    U
    I have raised this in Github Github defect
  • I

    OP3T

    13
    0 Votes
    13 Posts
    3k Views
    advocatuxA
    @Flohack, OP3T comes with OxygenOS which is based in Android 6.x or Android 7.x depending version. https://en.wikipedia.org/wiki/OxygenOS
  • U

    Telegram notifications not showing if app not open

    2
    0 Votes
    2 Posts
    1k Views
    W
    This is not a feature, my Bq E5 also lost notifications at around the end of May. It looks like something cancels the registration of your Ubuntu One account in the Canonical notifications push server, and your device looses the notifications. A workaround that has been reported to work is to delete completely your Ubuntu One account, create a new one, and register again Telegram with the new Ubuntu One account. Just creating a new account and registering Telegram again, without deleting the old account, has not worked for me (I cannot erase my old account since it is my Launchpad account and I have a lot of history there). Now I have moved my daily device to a Nexus 5 and I have recovered Telegram notifications with my old account. In any case who knows how long we are going to have Telegram notifications, as soon as Canonical decides to close the push server they will be gone for good. There is some discussion on how to implement a sustainable notification system (maintaining a push server seems out of the possibilities of UBports) here in the forums and in github.
  • F

    Ota1 channel 15.04 stable

    10
    -1 Votes
    10 Posts
    3k Views
    C
    @Flohack This command needs to be run on your mobile device, so first login into your device via ssh.
  • O

    Nexus 5 / Hammerhead battery boost? Disable auto-rotate & reboot for slower drain.

    1
    0 Votes
    1 Posts
    985 Views
    No one has replied
  • V

    Building Ubuntu Touch images

    2
    0 Votes
    2 Posts
    1k Views
    U
    We have the general steps that an image goes through on this wiki page, but we do not have step-by-step instructions for setting it up yourself.
  • V

    Building Hammerhead

    6
    0 Votes
    6 Posts
    2k Views
    V
    Thanks for that pointer, applying it to my Hammerhead tree did permit a build. What would have been my "hands on" Nexus 5 is busy with some highly interesting notification experiments, but I'll see if my built images boot RSN.
  • J

    Which should be the new name of Ubuntu Touch?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    U
    There's already a topic open for this here. We'd appreciate your opinions there, if you have any to give. No harm done, we just prefer to keep discussion in one place if possible. I'm locking this topic in that interest.
  • G

    Aquaris as Core Device

    9
    1 Votes
    9 Posts
    3k Views
    marcokarloM
    Hi, since a young developer provided a Lineage OS 13.0 version for BQ Aquarius E4.5 maybe one could use this as a base to get a newer kernel? I am not exactly sure what kernel version and what else is needed to get 16.04 working on Krillin but any insight in the requirements for porting to 16.04 would be heartily appreciated. Here is the link to the Lineage OS porting guide: http://www.cyanogenmods.org/forums/topic/lineage-os-13-aquaris-e4-5-krillin-marshmallow-rom/ Here are the links to the Github repository of the developer: https://github.com/Pablito2020/android_kernel_bq_krillin https://github.com/Pablito2020/android_device_bq_krillin I am currently switching my Krillin from the Canonical to the UBPorts image, but if it helps I can also try out the LineageOS version.