Bug#865311:
C programs which start a jvm using jni also segfault. This smells like fundamentally the same issue. I added a "me too" to debian bug 865746 (collectd), with links to info about the issue at Ubuntu - including a test program to reproduce. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865746#15 and #16.
Bug#865311: SIGSEGV in jsvc / LibreOffice after kernel update
2017-06-22 14:01 GMT+02:00 Ben Hutchings: > I have candidate fixes for this regression which are available at: > https://people.debian.org/~benh/packages/CVE-2017-1000364/ > [...] > I have tested these using Charles Leclerc's sample jsvc service and my > own stack clash test program, but would appreciate other testing > results. > I've installed the 3.16.43-2+deb8u2 version on our jessie integration server and it looks good, the jsvc services started properly. I'll let the new kernel running and keep an eye on it. Charles
Bug#865311: jsvc: SIGSEV in child process when starting jsvc
Thanks for hint. It's working again. cat /etc/default/unifi JSVC_EXTRA_OPTS=-Xss1280k -- jc On Thu, 22 Jun 2017 07:30:55 + André Schildwrote: > Adding these options to JSVC prevents it from crashing: > -Xss1280k > > André
Bug#865311: jsvc: SIGSEV in child process when starting jsvc
On Wed, 21 Jun 2017 09:47:38 +0200 Charles Leclercwrote: > 2017-06-21 3:10 GMT+02:00 Ben Hutchings : > > > > Control: tag -1 confirmed > > Control: fixed -1 4.11.6-1 > > > > On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclerc > > wrote: > > > Package: jsvc > > > Version: 1.0.15-6+deb8u1 > > > Severity: important > > > > > > When trying to start a very simple java daemon on jessie jsvc > > > through systemd we obtain this error message: > > > > > > Service killed by signal 11 > > > > > > Then we need to SIGKILL the parent process. > > [...] > > > I've installed a fresh VM to try to reproduce this bug on a new machine : > > > > > > - installed jessie with ssh and standard utilities > > > - installed openjdk-8-jre from backports > > > - installed jsvc > > > - Created this java file: > > [...] > > > - compiled with: > > > $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java > > > - and tried to run with: > > > $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile > > > /tmp/jsvc.pid -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home > > > /usr/lib/jvm/java-8-openjdk- Adding these options to JSVC prevents it from crashing: -Xss1280k André
Bug#865311: jsvc: SIGSEV in child process when starting jsvc
2017-06-21 3:10 GMT+02:00 Ben Hutchings: > > Control: tag -1 confirmed > Control: fixed -1 4.11.6-1 > > On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclerc > wrote: > > Package: jsvc > > Version: 1.0.15-6+deb8u1 > > Severity: important > > > > When trying to start a very simple java daemon on jessie jsvc > > through systemd we obtain this error message: > > > > Service killed by signal 11 > > > > Then we need to SIGKILL the parent process. > [...] > > I've installed a fresh VM to try to reproduce this bug on a new machine : > > > > - installed jessie with ssh and standard utilities > > - installed openjdk-8-jre from backports > > - installed jsvc > > - Created this java file: > [...] > > - compiled with: > > $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java > > - and tried to run with: > > $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile > > /tmp/jsvc.pid -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home > > /usr/lib/jvm/java-8-openjdk-amd64 Run > > Service killed by signal 11 > [...] > > Thanks, this makes it pretty easy to reproduce. I did have to add > ':$PWD' to the end of the -cp argument though. Indeed. > > The kernel version in unstable has a later version of the fix and that > *doesn't* cause jsvc to crash. So we should probably switch to that > version soon. I'll wait for that thanks ! > Ben. > > -- > Ben Hutchings > The most exhausting thing in life is being insincere. - Anne Morrow > Lindberg > Charles
Bug#865311: jsvc: SIGSEV in child process when starting jsvc
Control: tag -1 confirmed Control: fixed -1 4.11.6-1 On Tue, 20 Jun 2017 15:12:25 +0200 Charles Leclercwrote: > Package: jsvc > Version: 1.0.15-6+deb8u1 > Severity: important > > When trying to start a very simple java daemon on jessie jsvc > through systemd we obtain this error message: > > Service killed by signal 11 > > Then we need to SIGKILL the parent process. [...] > I've installed a fresh VM to try to reproduce this bug on a new machine : > > - installed jessie with ssh and standard utilities > - installed openjdk-8-jre from backports > - installed jsvc > - Created this java file: [...] > - compiled with: > $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java > - and tried to run with: > $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile /tmp/jsvc.pid > -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home > /usr/lib/jvm/java-8-openjdk-amd64 Run > Service killed by signal 11 [...] Thanks, this makes it pretty easy to reproduce. I did have to add ':$PWD' to the end of the -cp argument though. The kernel version in unstable has a later version of the fix and that *doesn't* cause jsvc to crash. So we should probably switch to that version soon. Ben. -- Ben Hutchings The most exhausting thing in life is being insincere. - Anne Morrow Lindberg signature.asc Description: This is a digitally signed message part
Bug#865311: #865311: security update for CVE-2017-1000364 breaks UniFi Controller
reassign 865311 src:linux retitle 865311 security update for CVE-2017-1000364 breaks UniFi Controller thanks Am 20.06.2017 um 22:30 schrieb Charles Leclerc: > Downgrading linux-image-3.16.0-4-amd64 to 3.16.43-2 defenitely fixes the > problem. Ok, then I am going to reassign this bug report to src:linux because this looks like a kernel regression. Summary: Security update for CVE-2017-1000364 breaks the UniFi controller and leads to segmentation faults when using the jsvc package. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#865311: #865311: security update for CVE-2017-1000364 breaks UniFi Controller
reassign -1 src:linux retitle -1 security update for CVE-2017-1000364 breaks UniFi Controller thanks Am 20.06.2017 um 22:30 schrieb Charles Leclerc: > Downgrading linux-image-3.16.0-4-amd64 to 3.16.43-2 defenitely fixes the > problem. Ok, then I am going to reassign this bug report to src:linux because this looks like a kernel regression. Summary: Security update for CVE-2017-1000364 breaks the UniFi controller and leads to segmentation faults when using the jsvc package. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#865311:
Hello, this is widely discussed in the ubiquity Forum [1] because it breakes the UniFi Controller. Consensus seems to be that the kernel upgrade with the fix for CVE-2017-1000364 caused the issue. Strech seems to be affected as well. Cheers, Martin [1] https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Controller-on-Debian-9/td-p/1967180
Bug#865311: jsvc: SIGSEV in child process when starting jsvc
Package: jsvc Version: 1.0.15-6+deb8u1 Severity: important When trying to start a very simple java daemon on jessie jsvc through systemd we obtain this error message: Service killed by signal 11 Then we need to SIGKILL the parent process. The problem appeared on our servers after the last apt upgrade which installed the following packages (the servers were rebooted after the upgrade): Upgrade: python-acme:amd64 (0.10.2-1~bpo8+1, 0.10.2-1~bpo8+2), libgnutls-openssl27:amd64 (3.3.8-6+deb8u5, 3.3.8-6+deb8u6), multiarch-support:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), linux-image-3.16.0-4-amd64:amd64 (3.16.43-2, 3.16.43-2+deb8u1), exim4-base:amd64 (4.84.2-2+deb8u3, 4.84.2-2+deb8u4), libgnutls-deb0-28:amd64 (3.3.8-6+deb8u5, 3.3.8-6+deb8u6), libc-dev-bin:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), libc-bin:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), libc6:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), exim4-daemon-light:amd64 (4.84.2-2+deb8u3, 4.84.2-2+deb8u4), exim4-config:amd64 (4.84.2-2+deb8u3, 4.84.2-2+deb8u4), libzzip-0-13:amd64 (0.13.62-3, 0.13.62-3+deb8u1), linux-libc-dev:amd64 (3.16.43-2, 3.16.43-2+deb8u1), libffi-dev:amd64 (3.1-2+b2, 3.1-2+deb8u1), locales:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), locales-all:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), libc6-dev:amd64 (2.19-18+deb8u9, 2.19-18+deb8u10), libgcrypt20:amd64 (1.6.3-2+deb8u2, 1.6.3-2+deb8u3), libffi6:amd64 (3.1-2+b2, 3.1-2+deb8u1) I've installed a fresh VM to try to reproduce this bug on a new machine : - installed jessie with ssh and standard utilities - installed openjdk-8-jre from backports - installed jsvc - Created this java file: - import org.apache.commons.daemon.Daemon; import org.apache.commons.daemon.DaemonContext; import org.apache.commons.daemon.DaemonInitException; public class Run implements Daemon { private class Runner extends Thread { public void run() { synchronized(this) { try { wait(); } catch (Exception e) {} } } } Runner r = new Runner(); @Override public void init(DaemonContext context) throws DaemonInitException, Exception {} @Override public void start() throws Exception { r.start(); } @Override public void stop() throws Exception { synchronized(r) { r.notify(); } } @Override public void destroy() {} } Which basically starts and wait for termination - compiled with: $ javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java - and tried to run with: $ /usr/bin/jsvc -nodetach -outfile '&2' -errfile '&2' -pidfile /tmp/jsvc.pid -cp /usr/share/java/commons-daemon-1.0.15.jar -java-home /usr/lib/jvm/java-8-openjdk-amd64 Run Service killed by signal 11 I would upgrade to stretch but it's not yet supported on our OVH vps. Thanks for your help ! -- System Information: Debian Release: 8.8 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages jsvc depends on: ii libc6 2.19-18+deb8u10 ii libcommons-daemon-java 1.0.15-6+deb8u1 Versions of packages jsvc recommends: ii openjdk-8-jre-headless [java2-runtime-headless] 8u131-b11-1~bpo8+1 jsvc suggests no packages. -- no debconf information