Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi Roberto,

On 2018-09-18 02:54, Roberto C. Sánchez wrote:
> Joost,
>
> Thanks to your detailed report and the supplementary information you
> provided I have been able to determine the cause of the defect in the
> patch for openssh 1:6.0p1-4+deb7u8.
>
> I have just uploaded a new openssh (version 1:6.0p1-4+deb7u10) and
> published an updated advisory (ELA-37-3). With the additional
> information I received from you I was able to perform much more thorough
> testing of these packages and specific testing to ensure that the defect
> has been corrected.

Thanks for the quick fix.
openssh-server 6.0p1-4+deb7u10 works as expected here.

Cheers,
Mikael

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote:
> Hi,
>
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
> 6.0p1-4+deb7u8, we see
>
>  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
>  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
>
> . Login fails:
>
>  joostvb@home:~% ssh root@host
>  Authentication failed.
>
> . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
>
> Behaviour observed on 2 of our machines. Possibly more debug information
> available; please ask.
>
> Bye,
>
> Joost

Joost,

Thanks to your detailed report and the supplementary information you
provided I have been able to determine the cause of the defect in the
patch for openssh 1:6.0p1-4+deb7u8.

I have just uploaded a new openssh (version 1:6.0p1-4+deb7u10) and
published an updated advisory (ELA-37-3). With the additional
information I received from you I was able to perform much more thorough
testing of these packages and specific testing to ensure that the defect
has been corrected.

Regards,

-Roberto

--
Roberto C. Sánchez

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
On Mon, Sep 17, 2018 at 02:06:29PM +0200, Joost van Baal-Ilić wrote:
>
> Oops:
>
> E: Version '1:6.0p1-4+deb7u8' for 'openssh-server' was not found
>
> (Thanks Markus Koschany for acting so quick!)
>
> Roberto: do you have that one available for me? I can no longer find it.
>

No problem. I have uploaded the same packages here:

https://people.debian.org/~roberto

Regards,

-Roberto

--
Roberto C. Sánchez

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi Roberto,

On Mon, Sep 17, 2018 at 01:53:59PM +0200, Joost van Baal-Ilić wrote:
> On Mon, Sep 17, 2018 at 07:50:00AM -0400, Roberto C. Sánchez wrote:
> > On Mon, Sep 17, 2018 at 12:00:48PM +0200, Joost van Baal-Ilić wrote:
> > > On Mon, Sep 17, 2018 at 11:49:12AM +0200, Микаел Бак wrote:
> > > > On 2018-09-17 10:58, Joost van Baal-Ilić wrote:
> > > > >
> > > > > After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
> > > > > 6.0p1-4+deb7u8, we see
> > > > >
> > > > >  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
> > > > >  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> > > > >
> > > > > . Login fails:
> > > > >
> > > > >  joostvb@home:~% ssh root@host
> > > > >  Authentication failed.
> > > > >
> > > > > . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> > > > >
> > > > > Behaviour observed on 2 of our machines. Possibly more debug
> > > > > information available; please ask.
> > > > >
> > > >
> > > > I also get the same error on all my wheezy servers after updating the
> > > > openssh-server package. All of them are LXC containers running on an
> > > > Ubuntu 16.04 LTS host. Perhaps it has something to do with it.
> > >
> > > FWIW; here it is VMWare guests running a pretty regular Debian 7/wheezy.
> > >
> > > Thanks, Bye,
> > >
> > > Joost
> > >
> >
> > I am the developer who prepared the problematic openssh update.
> >
> > I have been trying to reproduce this problem, but I cannot trigger the
> > failure described. Prior to your two reports I had received a report
> > via direct email from another user experiencing the same symptoms.
> >
> > I tried a wheezy server running 1:6.0p1-4+deb7u7 and also
> > 1:6.0p1-4+deb7u8 (I set up a fresh VM just for this test) against clients
> > running wheezy (1:6.0p1-4+deb7u7 and 1:6.0p1-4+deb7u8) as well as a
> > jessie client. Every single authentication attempt succeeded.
> >
> > Do you think you could provide some additional information to help me
> > reproduce the problem?
> >
> > - architecture
> > - sshd_config from server and ssh_config from client (and any
> >   ~/.ssh/config involved if that is a factor)
> > - complete server-side log output of a failed login attempt (after
> >   setting the log level to debug or something else suitably verbose)
> > - complete client-side console output of a failed login attempt run with
> >   the -vvv option to the ssh command
> > - any other information that may identify unique aspects of your setup
> >   that might in any way be related to the failure
> >
> > If you prefer not to share such via public list, please mail it to me
> > directly. If you need to encrypt the email to me, my GPG key is
> > available in the Debian keyring (ID 0x7731FCCC63E4E277).
>
> Collecting this information now.
>
> Will send privately.

Oops:

E: Version '1:6.0p1-4+deb7u8' for 'openssh-server' was not found

(Thanks Markus Koschany for acting so quick!)

Roberto: do you have that one available for me? I can no longer find it.

Thanks, Bye,

Joost

--
✉ Joost van Baal-Ilić  irc://irc.uvt.nl/joostvb  http://abramowitz.uvt.nl/
room G 236 LIS Unix  ☎ (013-466-)4683  https://go.uvt.nl/unix

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi Roberto,

On Mon, Sep 17, 2018 at 07:50:00AM -0400, Roberto C. Sánchez wrote:
> On Mon, Sep 17, 2018 at 12:00:48PM +0200, Joost van Baal-Ilić wrote:
> > On Mon, Sep 17, 2018 at 11:49:12AM +0200, Микаел Бак wrote:
> > > On 2018-09-17 10:58, Joost van Baal-Ilić wrote:
> > > >
> > > > After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
> > > > 6.0p1-4+deb7u8, we see
> > > >
> > > >  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
> > > >  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> > > >
> > > > . Login fails:
> > > >
> > > >  joostvb@home:~% ssh root@host
> > > >  Authentication failed.
> > > >
> > > > . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> > > >
> > > > Behaviour observed on 2 of our machines. Possibly more debug information
> > > > available; please ask.
> > > >
> > >
> > > I also get the same error on all my wheezy servers after updating the
> > > openssh-server package. All of them are LXC containers running on an Ubuntu
> > > 16.04 LTS host. Perhaps it has something to do with it.
> >
> > FWIW; here it is VMWare guests running a pretty regular Debian 7/wheezy.
> >
> > Thanks, Bye,
> >
> > Joost
> >
>
> I am the developer who prepared the problematic openssh update.
>
> I have been trying to reproduce this problem, but I cannot trigger the
> failure described. Prior to your two reports I had received a report
> via direct email from another user experiencing the same symptoms.
>
> I tried a wheezy server running 1:6.0p1-4+deb7u7 and also
> 1:6.0p1-4+deb7u8 (I set up a fresh VM just for this test) against clients
> running wheezy (1:6.0p1-4+deb7u7 and 1:6.0p1-4+deb7u8) as well as a
> jessie client. Every single authentication attempt succeeded.
>
> Do you think you could provide some additional information to help me
> reproduce the problem?
>
> - architecture
> - sshd_config from server and ssh_config from client (and any
>   ~/.ssh/config involved if that is a factor)
> - complete server-side log output of a failed login attempt (after
>   setting the log level to debug or something else suitably verbose)
> - complete client-side console output of a failed login attempt run with
>   the -vvv option to the ssh command
> - any other information that may identify unique aspects of your setup
>   that might in any way be related to the failure
>
> If you prefer not to share such via public list, please mail it to me
> directly. If you need to encrypt the email to me, my GPG key is
> available in the Debian keyring (ID 0x7731FCCC63E4E277).

Collecting this information now.

Will send privately.

Thanks for your prompt reply, Kind regards,

Joost

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
I am going to revert the openssh update for Wheezy now since the
original uploader cannot be reached at the moment.

Regards,

Markus

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi,

On Mon, Sep 17, 2018 at 11:49:12AM +0200, Микаел Бак wrote:
> On 2018-09-17 10:58, Joost van Baal-Ilić wrote:
> >
> > After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
> > 6.0p1-4+deb7u8, we see
> >
> >  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
> >  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> >
> > . Login fails:
> >
> >  joostvb@home:~% ssh root@host
> >  Authentication failed.
> >
> > . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> >
> > Behaviour observed on 2 of our machines. Possibly more debug information
> > available; please ask.
> >
>
> I also get the same error on all my wheezy servers after updating the
> openssh-server package. All of them are LXC containers running on an Ubuntu
> 16.04 LTS host. Perhaps it has something to do with it.

FWIW; here it is VMWare guests running a pretty regular Debian 7/wheezy.

Thanks, Bye,

Joost

Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi,

On 2018-09-17 10:58, Joost van Baal-Ilić wrote:
> Hi,
>
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
> 6.0p1-4+deb7u8, we see
>
>  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
>  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
>
> . Login fails:
>
>  joostvb@home:~% ssh root@host
>  Authentication failed.
>
> . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
>
> Behaviour observed on 2 of our machines. Possibly more debug information
> available; please ask.

I also get the same error on all my wheezy servers after updating the
openssh-server package. All of them are LXC containers running on an
Ubuntu 16.04 LTS host. Perhaps it has something to do with it.

Cheers,
Mikael

fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Hi,

After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to
6.0p1-4+deb7u8, we see

 Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
 Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]

. Login fails:

 joostvb@home:~% ssh root@host
 Authentication failed.

. Downgrading back to 6.0p1-4+deb7u7 restores login functionality.

Behaviour observed on 2 of our machines. Possibly more debug information
available; please ask.

Bye,

Joost

--
Joost van Baal-Ilić
http://abramowitz.uvt.nl/
Tilburg University
mailto:joostvb.uvt.nl
The Netherlands
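
An added example, not part of the thread: a log check for the failure signature in the report above, pairing the xfree fatal with the failed attempt logged by the same sshd PID so that it can be told apart from ordinary authentication failures. The regular expressions assume the syslog line format shown in the report; sample lines other than the two quoted there are constructed.

```python
import re

# syslog-style sshd line, e.g. "Sep 17 10:47:13 host sshd[124622]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
FAILED_RE = re.compile(
    r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
# Fatal message quoted in the report; "[preauth]" means it fired before login completed.
CRASH_MSG = "fatal: xfree: NULL pointer given as argument [preauth]"


def find_xfree_regression(lines):
    """Return one record per sshd process that died with the xfree fatal.

    Each crash is paired with the last "Failed <method>" line from the same
    host and PID, so plain failed logins on their own are never reported.
    """
    last_failure = {}  # (host, pid) -> fields of the most recent failed attempt
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["host"], m["pid"])
        failed = FAILED_RE.match(m["msg"])
        if failed:
            last_failure[key] = failed.groupdict()
        elif m["msg"] == CRASH_MSG:
            ctx = last_failure.pop(key, {})
            hits.append({"time": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                         "user": ctx.get("user"), "method": ctx.get("method"),
                         "src": ctx.get("src")})
    return hits


# First two lines are from the report; the rest are constructed for contrast.
SAMPLE = [
    "Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2",
    "Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]",
    "Sep 17 10:48:02 host sshd[124630]: Failed password for invalid user admin from 192.0.2.7 port 40112 ssh2",
    "Sep 17 10:48:05 host sshd[124630]: Connection closed by 192.0.2.7 [preauth]",
    "Sep 17 10:49:40 host sshd[124641]: Accepted publickey for alice from 198.51.100.9 port 51514 ssh2",
]

if __name__ == "__main__":
    for hit in find_xfree_regression(SAMPLE):
        print(hit)
```

Any hit after a package upgrade means logins are failing because sshd aborted, not because the credentials were rejected.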