Your message dated Sat, 09 Nov 2013 21:24:51 +0000
with message-id <e1vfg1t-0003a0...@franck.debian.org>
and subject line Bug#729029: fixed in openssh 1:6.4p1-1
has caused the Debian Bug report #729029,
regarding openssh-server: fatal xfree error when RekeyLimit hit with GCM
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
729029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:6.2p2-6
Severity: normal
I am attempting to transfer a large (1.6 GiB) file over sftp. I have
set my RekeyLimit to 1G in my ~/.ssh/config file. When I get to the
rekey limit, the connection is reset:
vauxhall ok % sftp bmc@castro:/media/data/bmc/finished/upload/
Connected to castro.
Changing to: /media/data/bmc/finished/upload/
sftp> put large-file
Uploading large-file to /media/data/bmc/finished/upload/large-file
large-file
67% 1021MB 8.0MB/s 01:02 ETAConnection closed by 173.11.243.49
Couldn't read packet: Connection reset by peer
The auth.log file on the server says:
Oct 19 14:01:12 castro sshd[649315]: Authorized to bmc, krb5 principal
b...@crustytoothpaste.net (krb5_kuserok)
Oct 19 14:01:12 castro sshd[649315]: Accepted gssapi-with-mic for bmc from
172.16.2.247 port 44985 ssh2
Oct 19 14:01:12 castro sshd[649315]: pam_unix(sshd:session): session opened
for user bmc by (uid=0)
Oct 19 14:01:12 castro sshd[649317]: subsystem request for sftp by user bmc
Oct 19 14:03:44 castro sshd[649317]: fatal: xfree: NULL pointer given as
argument
Oct 19 14:03:44 castro sshd[649315]: pam_unix(sshd:session): session closed
for user bmc
Note the "fatal: xfree: NULL pointer given as argument" error. This
terminates the session. If I set the RekeyLimit value to 2G (larger
than my file), it works just fine. If you don't feel like transferring
gigabytes of data, I can also reproduce this problem with a 200M
RekeyLimit (I haven't tried smaller). It also happens with publickey
authentication as well as GSSAPI, although the line starting with
"fatal" is not logged in that case.
I originally saw this error with sshfs-fuse, but as you can see, it also
happens with the plain sftp client. Please let me know if you need more
information, as this is easily reproducible for me.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.1
ii libc6 2.17-93
ii libcomerr2 1.42.8-1
ii libgssapi-krb5-2 1.11.3+dfsg-3
ii libkrb5-3 1.11.3+dfsg-3
ii libpam-modules 1.1.3-9
ii libpam-runtime 1.1.3-9
ii libpam0g 1.1.3-9
ii libselinux1 2.1.13-3
ii libssl1.0.0 1.0.1e-3
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian12
ii openssh-client 1:6.2p2-6
ii procps 1:3.3.8-2
ii sysv-rc 2.88dsf-43
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages openssh-server recommends:
ii ncurses-term 5.9+20130608-1
ii xauth 1:1.0.7-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
ii openssh-blacklist 0.4.1+nmu1
ii openssh-blacklist-extra 0.4.1+nmu1
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.4p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Nov 2013 18:24:16 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome
openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.4p1-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote
machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for
ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 158590 436052 651357 729029
Changes:
openssh (1:6.4p1-1) unstable; urgency=high
.
* New upstream release. Important changes:
- 6.3/6.3p1 (http://www.openssh.com/txt/release-6.3):
+ sftp(1): add support for resuming partial downloads using the
"reget" command and on the sftp commandline or on the "get"
commandline using the "-a" (append) option (closes: #158590).
+ ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives
(closes: #436052).
+ sftp(1): update progressmeter when data is acknowledged, not when
it's sent (partially addresses #708372).
+ ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
- 6.4/6.4p1 (http://www.openssh.com/txt/release-6.4):
+ CVE-2013-4548: sshd(8): fix a memory corruption problem triggered
during rekeying when an AES-GCM cipher is selected (closes:
#729029). Full details of the vulnerability are available at:
http://www.openssh.com/txt/gcmrekey.adv
* When running under Upstart, only consider the daemon started once it is
ready to accept connections (by raising SIGSTOP at that point and using
"expect stop").
Checksums-Sha1:
d3d59b8f7f36dc1d53307ddfced196d04657f620 2586 openssh_6.4p1-1.dsc
cf5fe0eb118d7e4f9296fbc5d6884965885fc55d 1201402 openssh_6.4p1.orig.tar.gz
99d8fe7771b5135e6da98fcd2a081bd34036edae 171847 openssh_6.4p1-1.debian.tar.gz
7e97ebf8d108d51521bc0b6ed2a6ab319865183b 599808 openssh-client_6.4p1-1_i386.deb
1f90c0c75d29a0aeed75d731b45d31d3ae756da0 261508 openssh-server_6.4p1-1_i386.deb
f6ec921377b9a788c0153ab0f0d4226c2711a235 1060 ssh_6.4p1-1_all.deb
eaed6150c0f0dbd90e8771163cbcc4fede986b7d 113730 ssh-krb5_6.4p1-1_all.deb
1ea2ed34e049677d9385a6a72c74fb11328dbdc4 121450
ssh-askpass-gnome_6.4p1-1_i386.deb
0797ea0ccff3611726edca0e13d6df8543d6b61e 185162
openssh-client-udeb_6.4p1-1_i386.udeb
7f12f2d5b2ed96c1d78d1e441fe63da5d5b44568 212216
openssh-server-udeb_6.4p1-1_i386.udeb
Checksums-Sha256:
3f7b4085228cd4db9990011c9902e872737a644013f0f981299e9797bce1a600 2586
openssh_6.4p1-1.dsc
5530f616513b14aea3662c4c373bafd6a97a269938674c006377e381f68975d2 1201402
openssh_6.4p1.orig.tar.gz
a1a70cef430e9723b49f2afbc08f01df4b17ee72348d6c6c5dbe67e004f9a109 171847
openssh_6.4p1-1.debian.tar.gz
3c4c382b68bff757daba80ab4328e3ddfab1d1097303e7c0d2fb832f2784effe 599808
openssh-client_6.4p1-1_i386.deb
4e0e053d91edec9c78165d1faf2fb9fc27baf33a06141bee5eddb3be6073bd15 261508
openssh-server_6.4p1-1_i386.deb
9fad63aa5df44b86cfdb69ff27794718eaf3e804a9d005e46ca5b3a3a97fdc4e 1060
ssh_6.4p1-1_all.deb
26b08bc547b8467462448efd5a2f835c8dbe5599f800ca57fdd29eedd84e83fe 113730
ssh-krb5_6.4p1-1_all.deb
916ad5c7fc011adf1f2409998fd4df906c29a48e4af9a562d7c6dda59d8e77a8 121450
ssh-askpass-gnome_6.4p1-1_i386.deb
6c5cd1265bdaeed6a11504fc2e8c66e9c32c62b6fae9b4f88384b93c0c47daa3 185162
openssh-client-udeb_6.4p1-1_i386.udeb
f292febd717cecaa0f6c25562bf1dbe714f4481b55f49df39f6253c6e6f148d0 212216
openssh-server-udeb_6.4p1-1_i386.udeb
Files:
707f9097f554faf738a41594dc9dcec3 2586 net standard openssh_6.4p1-1.dsc
a62b88b884df0b09b8a8c5789ac9e51b 1201402 net standard openssh_6.4p1.orig.tar.gz
9a9e5dcb06b079c035caead19a3a043a 171847 net standard
openssh_6.4p1-1.debian.tar.gz
58708693dfa5b77dc6b6121591877854 599808 net standard
openssh-client_6.4p1-1_i386.deb
55d558b527e3b2aaa53c250903f5bfe4 261508 net optional
openssh-server_6.4p1-1_i386.deb
00268a9c416eefe9f9d23ef8fe65bbc2 1060 net extra ssh_6.4p1-1_all.deb
1e33bed0871d4dc8f9d950549bf27e7a 113730 oldlibs extra ssh-krb5_6.4p1-1_all.deb
4c7183639e9450f16a54daff2460a7ec 121450 gnome optional
ssh-askpass-gnome_6.4p1-1_i386.deb
13aa54a73a0da6ab353173172a08a456 185162 debian-installer optional
openssh-client-udeb_6.4p1-1_i386.udeb
a5556a27a17d3c6a99d0b9935db0a9ae 212216 debian-installer optional
openssh-server-udeb_6.4p1-1_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Colin Watson <cjwat...@debian.org> -- Debian developer
iQIVAwUBUn6SYDk1h9l9hlALAQhU2RAAlDhFCCcWHxlyj0oAl1LXNT7n68re0yfU
WuXOz9VJYavcigaX3872CkdCxhHMHSQ9idiodr+HhcubdbE/x2y9dYe+0mT6mygk
LwL6ed+Z60wF5IU31ZMhymhGDKq+kXaTo/rGdV25KM+MHbOBSjaEgjzc6Of+KVzi
BbuziJ0KKaaBpqYNS5Vevih1EIgLxRyvSLAQKH1opmjBHk7M3ljCQH1u/K9AnNPx
B8wKbl3vwQQwsxczzQ7tXOvGkUP9Vr7y21XSc8RJnrBojUL3Yl2SjWJWl0tO+sJ3
9KGZFU0sL45NdAxKxw5hO6X9VVVtf5gR0A6G8/8P5Ja28LacbnR3QcAq8/xGIcEA
hVQzTE+SO0we8zoCVYTQhoWtq97eDXDJRoqLxQaIkDo2fwzm4/nzp+4y81pn+pQ6
0SiY64Ix1tcewlgi5CI1LPfawMP/u6bv2C7xr2aVnLcUCoKyiTl2LuyNP+pIMdxy
QIkJUH3IBHtAMtGVW/GwtgLGo0v+v4aMki0+AJhoLXBZfPMyOdIMA5xZQMBtAqkM
dTAARD1gmbzgReq35y4amcEXbSHcHwM9e/LCJdHDSnM7m9jdtjuNI9Ipg5tuaylW
HQpKs3sXZLTMRgUfQp+a4uWA6kio6nsuR+ZoDjycLMzJCWpydWLn1xG8ScxSPjvj
sXWC6BYZ0/4=
=nUhU
-----END PGP SIGNATURE-----
--- End Message ---
