Package: kde-workspace-bin Version: 4:4.11.13-2 Severity: critical Justification: causes serious data loss
-- System Information: Debian Release: 8.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kde-workspace-bin depends on: ii iso-codes 3.57-1 ii kde-runtime 4:4.14.2-2 ii kde-style-oxygen 4:4.11.13-2 ii kde-workspace-data 4:4.11.13-2 ii kde-workspace-kgreet-plugins 4:4.11.13-2 ii kscreen 1.0.2.1-1 ii libc6 2.19-18+deb8u2 ii libcln6 1.3.4-1 ii libdbusmenu-qt2 0.9.2-1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3+deb8u1 ii libgcc1 1:4.9.2-10 ii libgl1-mesa-glx [libgl1] 10.3.2-1+deb8u1 ii libice6 2:1.0.9-1+b1 ii libjpeg62-turbo 1:1.3.1-12 ii libkactivities6 4:4.13.3-1 ii libkcmutils4 4:4.14.2-5 ii libkdeclarative5 4:4.14.2-5 ii libkdecore5 4:4.14.2-5 ii libkdesu5 4:4.14.2-5 ii libkdeui5 4:4.14.2-5 ii libkfile4 4:4.14.2-5 ii libkidletime4 4:4.14.2-5 ii libkio5 4:4.14.2-5 ii libknewstuff3-4 4:4.14.2-5 ii libknotifyconfig4 4:4.14.2-5 ii libkparts4 4:4.14.2-5 ii libkpty4 4:4.14.2-5 ii libkscreensaver5 4:4.11.13-2 ii libkworkspace4abi2 4:4.11.13-2 ii libnepomukcore4 4:4.14.0-1+b2 ii libpam0g 1.1.8-3.1+deb8u1 ii libphonon4 4:4.8.0-4 ii libplasma3 4:4.14.2-5 ii libplasmagenericshell4 4:4.11.13-2 ii libpng12-0 1.2.50-2+deb8u2 ii libprocesscore4abi1 4:4.11.13-2 ii libprocessui4a 4:4.11.13-2 ii libqalculate5 0.9.7-9 ii libqimageblitz4 1:0.0.6-4 ii libqjson0 0.8.1-3 ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqt4-declarative 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqt4-sql 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libsm6 2:1.2.2-1+b1 ii libsolid4 4:4.14.2-5 ii libsoprano4 2.9.4+dfsg-1.1 ii libstdc++6 4.9.2-10 ii libstreamanalyzer0 0.7.8-1.2+b2 ii libudev1 215-17+deb8u3 ii libusb-0.1-4 2:0.1.12-25 ii libx11-6 2:1.6.2-3 ii libxcursor1 1:1.1.14-1+b1 ii libxext6 2:1.3.3-1 ii libxfixes3 1:5.0.1-2+b2 ii libxft2 2.3.2-1 ii libxi6 2:1.7.4-1+b2 ii libxinerama1 2:1.1.3-1+b1 ii libxkbfile1 1:1.0.8-1 ii libxrandr2 2:1.4.2-1+b1 ii libxrender1 1:0.9.8-1+b1 ii libxtst6 2:1.2.2-1+b1 ii phonon 4:4.8.0-4 ii plasma-desktop 4:4.11.13-2 ii qdbus 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii x11-utils 7.7+2 ii x11-xserver-utils 7.7+3+b1 Versions of packages kde-workspace-bin recommends: ii plasma-scriptengines 4:4.11.13-2 ii policykit-1-gnome 0.105-2 ii polkit-kde-1 0.99.1-1 ii upower 0.99.1-3.2 Versions of packages kde-workspace-bin suggests: ii x11-xkb-utils 7.7+1 -- no debconf information Hallo, if one User on the machine run kde and this one or an other user makes a ssh-connection like ssh test@$IP1 -i ~/.ssh/test-key ls the kdeinit4-process of the local user increase memory-consumption for any login and never released it until the local user logged out. If many ssh-requests appear the memory filled over quota, than system begin to swap and ultimatly it crashed without closing files and so on. Possible it exist other vectors to use this crashing-method. Above all it is very suprising, that login from other users have a consequence by the local user. If this user use i. e. gnome no problems seen. I found the problem by testing systems with a external loop including many ssh-calls. And I see the systems crashed all. Without running kde _or_ without ssh-calls the system looks stabil. The systems are virtual using kvm (qemu). Crosstesting on a real system with kernel 4.4.0 (patched with a line against cve-2016-0718) sound like non-affected. I will test with a other kernel on the kvm-machines in future. with regards Andreas Matthus
