[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#813492: kde-workspace-bin: kdeinit4 increase memory-consumption by every extern ssh-login and never release it



Package: kde-workspace-bin
Version: 4:4.11.13-2
Severity: critical
Justification: causes serious data loss



-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kde-workspace-bin depends on:
ii  iso-codes                     3.57-1
ii  kde-runtime                   4:4.14.2-2
ii  kde-style-oxygen              4:4.11.13-2
ii  kde-workspace-data            4:4.11.13-2
ii  kde-workspace-kgreet-plugins  4:4.11.13-2
ii  kscreen                       1.0.2.1-1
ii  libc6                         2.19-18+deb8u2
ii  libcln6                       1.3.4-1
ii  libdbusmenu-qt2               0.9.2-1
ii  libfontconfig1                2.11.0-6.3
ii  libfreetype6                  2.5.2-3+deb8u1
ii  libgcc1                       1:4.9.2-10
ii  libgl1-mesa-glx [libgl1]      10.3.2-1+deb8u1
ii  libice6                       2:1.0.9-1+b1
ii  libjpeg62-turbo               1:1.3.1-12
ii  libkactivities6               4:4.13.3-1
ii  libkcmutils4                  4:4.14.2-5
ii  libkdeclarative5              4:4.14.2-5
ii  libkdecore5                   4:4.14.2-5
ii  libkdesu5                     4:4.14.2-5
ii  libkdeui5                     4:4.14.2-5
ii  libkfile4                     4:4.14.2-5
ii  libkidletime4                 4:4.14.2-5
ii  libkio5                       4:4.14.2-5
ii  libknewstuff3-4               4:4.14.2-5
ii  libknotifyconfig4             4:4.14.2-5
ii  libkparts4                    4:4.14.2-5
ii  libkpty4                      4:4.14.2-5
ii  libkscreensaver5              4:4.11.13-2
ii  libkworkspace4abi2            4:4.11.13-2
ii  libnepomukcore4               4:4.14.0-1+b2
ii  libpam0g                      1.1.8-3.1+deb8u1
ii  libphonon4                    4:4.8.0-4
ii  libplasma3                    4:4.14.2-5
ii  libplasmagenericshell4        4:4.11.13-2
ii  libpng12-0                    1.2.50-2+deb8u2
ii  libprocesscore4abi1           4:4.11.13-2
ii  libprocessui4a                4:4.11.13-2
ii  libqalculate5                 0.9.7-9
ii  libqimageblitz4               1:0.0.6-4
ii  libqjson0                     0.8.1-3
ii  libqt4-dbus                   4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-declarative            4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-sql                    4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-xml                    4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtcore4                    4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtgui4                     4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libsm6                        2:1.2.2-1+b1
ii  libsolid4                     4:4.14.2-5
ii  libsoprano4                   2.9.4+dfsg-1.1
ii  libstdc++6                    4.9.2-10
ii  libstreamanalyzer0            0.7.8-1.2+b2
ii  libudev1                      215-17+deb8u3
ii  libusb-0.1-4                  2:0.1.12-25
ii  libx11-6                      2:1.6.2-3
ii  libxcursor1                   1:1.1.14-1+b1
ii  libxext6                      2:1.3.3-1
ii  libxfixes3                    1:5.0.1-2+b2
ii  libxft2                       2.3.2-1
ii  libxi6                        2:1.7.4-1+b2
ii  libxinerama1                  2:1.1.3-1+b1
ii  libxkbfile1                   1:1.0.8-1
ii  libxrandr2                    2:1.4.2-1+b1
ii  libxrender1                   1:0.9.8-1+b1
ii  libxtst6                      2:1.2.2-1+b1
ii  phonon                        4:4.8.0-4
ii  plasma-desktop                4:4.11.13-2
ii  qdbus                         4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  x11-utils                     7.7+2
ii  x11-xserver-utils             7.7+3+b1

Versions of packages kde-workspace-bin recommends:
ii  plasma-scriptengines  4:4.11.13-2
ii  policykit-1-gnome     0.105-2
ii  polkit-kde-1          0.99.1-1
ii  upower                0.99.1-3.2

Versions of packages kde-workspace-bin suggests:
ii  x11-xkb-utils  7.7+1

-- no debconf information

Hallo,

if one User on the machine run kde and this one or an other user makes a ssh-connection like
ssh  test@$IP1 -i ~/.ssh/test-key ls
the kdeinit4-process of the local user increase memory-consumption for any login and never 
released it until the local user logged out. If many ssh-requests appear the memory filled over quota, 
than system begin to swap and ultimatly it crashed without closing files and so on.

Possible it exist other vectors to use this crashing-method. Above all it is very suprising, that 
login from other users have a consequence by the local user. If this user use i. e. gnome no problems seen.

I found the problem by testing systems with a external loop including many ssh-calls. And I see the systems
crashed all. Without running kde _or_ without ssh-calls the system looks stabil. The systems are virtual using 
kvm (qemu). Crosstesting on a real system with kernel 4.4.0 (patched with a line against cve-2016-0718) sound like
non-affected. I will test with a other kernel on the kvm-machines in future.

with regards
Andreas Matthus
  


Reply to: