Your message dated Sun, 23 Nov 2008 15:02:11 +0000 with message-id <E1L4GTT-0001Qy-3p@ries.debian.org> and subject line Bug#505330: fixed in openssh 1:5.1p1-4 has caused the Debian Bug report #505330, regarding ssh: glibc detected double free or corruption with local forwarding to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 505330: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505330 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh: glibc detected double free or corruption with local forwarding
- From: Arthur de Jong <adejong@debian.org>
- Date: Tue, 11 Nov 2008 20:21:40 +0100
- Message-id: <[🔎] 1226431300.17271.9.camel@sorbet.thuis.net>
Subject: ssh: glibc detected double free or corruption with local forwarding Package: ssh Version: 1:5.1p1-3 Severity: normal When starting a local forward in an existing session a double free cash can be forced. This is simple to reproduce: % ssh somehost [...] % ~C ssh> -L *.80:localhost:80 Bad forwarding specification. *** glibc detected *** ssh: double free or corruption (fasttop): 0xb95431b0 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7ada6b4] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7adc8b6] ssh[0xb7ee3c7d] ssh[0xb7ec014b] ssh(client_simple_escape_filter+0x5f)[0xb7ec0e5f] ssh[0xb7ed5145] ssh[0xb7ed5655] ssh[0xb7ed93fb] ssh[0xb7ec1af8] ssh(main+0x1885)[0xb7ebaaa5] /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7a82455] ssh[0xb7eb8b01] ======= Memory map: ======== b7800000-b7821000 rw-p b7800000 00:00 0 b7821000-b7900000 ---p b7821000 00:00 0 b79be000-b79ca000 r-xp 00000000 08:01 379003 /lib/libgcc_s.so.1 b79ca000-b79cb000 rw-p 0000b000 08:01 379003 /lib/libgcc_s.so.1 b79cb000-b79d5000 r-xp 00000000 08:01 331425 /lib/i686/cmov/libnss_files-2.7.so b79d5000-b79d7000 rw-p 00009000 08:01 331425 /lib/i686/cmov/libnss_files-2.7.so b79d7000-b7a0c000 r--s 00000000 08:01 62598 /var/cache/nscd/services b7a0c000-b7a41000 r--s 00000000 08:01 60442 /var/cache/nscd/passwd b7a41000-b7a43000 rw-p b7a41000 00:00 0 b7a43000-b7a58000 r-xp 00000000 08:01 331472 /lib/i686/cmov/libpthread-2.7.so b7a58000-b7a5a000 rw-p 00014000 08:01 331472 /lib/i686/cmov/libpthread-2.7.so b7a5a000-b7a5c000 rw-p b7a5a000 00:00 0 b7a5c000-b7a5e000 r-xp 00000000 08:01 116464 /lib/libkeyutils-1.2.so b7a5e000-b7a5f000 rw-p 00001000 08:01 116464 /lib/libkeyutils-1.2.so b7a5f000-b7a60000 rw-p b7a5f000 00:00 0 b7a60000-b7a67000 r-xp 00000000 08:01 174787 /usr/lib/libkrb5support.so.0.1 b7a67000-b7a68000 rw-p 00006000 08:01 174787 /usr/lib/libkrb5support.so.0.1 b7a68000-b7a6a000 r-xp 00000000 08:01 328990 /lib/i686/cmov/libdl-2.7.so b7a6a000-b7a6c000 rw-p 00001000 08:01 328990 /lib/i686/cmov/libdl-2.7.so b7a6c000-b7bc1000 r-xp 00000000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc1000-b7bc2000 r--p 00155000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc2000-b7bc4000 rw-p 00156000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc4000-b7bc7000 rw-p b7bc4000 00:00 0 b7bc7000-b7bc9000 r-xp 00000000 08:01 281074 /lib/libcom_err.so.2.1 b7bc9000-b7bca000 rw-p 00001000 08:01 281074 /lib/libcom_err.so.2.1 b7bca000-b7bed000 r-xp 00000000 08:01 166307 /usr/lib/libk5crypto.so.3.1 b7bed000-b7bee000 rw-p 00023000 08:01 166307 /usr/lib/libk5crypto.so.3.1 b7bee000-b7bef000 rw-p b7bee000 00:00 0 b7bef000-b7c81000 r-xp 00000000 08:01 174550 /usr/lib/libkrb5.so.3.3 b7c81000-b7c83000 rw-p 00092000 08:01 174550 /usr/lib/libkrb5.so.3.3 b7c83000-b7cac000 r-xp 00000000 08:01 166306 /usr/lib/libgssapi_krb5.so.2.2 b7cac000-b7cad000 rw-p 00028000 08:01 166306 /usr/lib/libgssapi_krb5.so.2.2 b7cad000-b7cb6000 r-xp 00000000 08:01 328989 /lib/i686/cmov/libcrypt-2.7.so b7cb6000-b7cb8000 rw-p 00008000 08:01 328989 /lib/i686/cmov/libcrypt-2.7.so b7cb8000-b7cdf000 rw-p b7cb8000 00:00 0 b7cdf000-b7cf4000 r-xp 00000000 08:01 328997 /lib/i686/cmov/libnsl-2.7.so b7cf4000-b7cf6000 rw-p 00014000 08:01 328997 /lib/i686/cmov/libnsl-2.7.so b7cf6000-b7cf8000 rw-p b7cf6000 00:00 0 b7cf8000-b7d0c000 r-xp 00000000 08:01 281046 /usr/lib/libz.so.1.2.3.3 b7d0c000-b7d0d000 rw-p 00013000 08:01 281046 /usr/lib/libz.so.1.2.3.3 b7d0d000-b7d0f000 r-xp 00000000 08:01 331477 /lib/i686/cmov/libutil-2.7.so b7d0f000-b7d11000 rw-p 00001000 08:01 331477 /lib/i686/cmov/libutil-2.7.so b7d11000-b7d12000 rw-p b7d11000 00:00 0 b7d12000-b7e4c000 r-xp 00000000 08:01 115944 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7e4c000-b7e62000 rw-p 0013a000 08:01 115944 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7e62000-b7e65000 rw-p b7e62000 00:00 0 b7e65000-b7e75000 r-xp 00000000 08:01 331473 /lib/i686/cmov/libresolv-2.7.so b7e75000-b7e77000 rw-p 0000f000 08:01 331473 /lib/i686/cmov/libresolv-2.7.so b7e77000-b7e79000 rw-p b7e77000 00:00 0 b7e94000-b7e96000 rw-p b7e94000 00:00 0 b7e96000-b7e97000 r-xp b7e96000 00:00 0 [vdso] b7e97000-b7eb1000 r-xp 00000000 08:01 374678 /lib/ld-2.7.so b7eb1000-b7eb3000 rw-p 0001a000 08:01 374678 /lib/ld-2.7.so b7eb3000-b7f03000 r-xp 00000000 08:01 Abort (the backtrace is formatted a little because the output is a little messed up) The problem does not occur when invoked in the command line or when used in ~/.ssh/config. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ssh depends on: ii openssh-client 1:5.1p1-3 secure shell client, an rlogin/rsh ii openssh-server 1:5.1p1-3 secure shell server, an rshd repla -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 505330-close@bugs.debian.org
- Subject: Bug#505330: fixed in openssh 1:5.1p1-4
- From: Colin Watson <cjwatson@debian.org>
- Date: Sun, 23 Nov 2008 15:02:11 +0000
- Message-id: <E1L4GTT-0001Qy-3p@ries.debian.org>
Source: openssh Source-Version: 1:5.1p1-4 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive: openssh-client-udeb_5.1p1-4_i386.udeb to pool/main/o/openssh/openssh-client-udeb_5.1p1-4_i386.udeb openssh-client_5.1p1-4_i386.deb to pool/main/o/openssh/openssh-client_5.1p1-4_i386.deb openssh-server-udeb_5.1p1-4_i386.udeb to pool/main/o/openssh/openssh-server-udeb_5.1p1-4_i386.udeb openssh-server_5.1p1-4_i386.deb to pool/main/o/openssh/openssh-server_5.1p1-4_i386.deb openssh_5.1p1-4.diff.gz to pool/main/o/openssh/openssh_5.1p1-4.diff.gz openssh_5.1p1-4.dsc to pool/main/o/openssh/openssh_5.1p1-4.dsc ssh-askpass-gnome_5.1p1-4_i386.deb to pool/main/o/openssh/ssh-askpass-gnome_5.1p1-4_i386.deb ssh-krb5_5.1p1-4_all.deb to pool/main/o/openssh/ssh-krb5_5.1p1-4_all.deb ssh_5.1p1-4_all.deb to pool/main/o/openssh/ssh_5.1p1-4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505330@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwatson@debian.org> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 23 Nov 2008 14:46:10 +0000 Source: openssh Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source all i386 Version: 1:5.1p1-4 Distribution: unstable Urgency: low Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell client, an rlogin/rsh/rcp replacement openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell server, an rshd replacement openssh-server-udeb - secure shell server for the Debian installer (udeb) ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 226172 495917 505330 Changes: openssh (1:5.1p1-4) unstable; urgency=low . * ssh-copy-id: Strip trailing colons from hostname (closes: #226172, LP: #249706; thanks to Karl Goetz for nudging this along; forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=1530). * Backport from upstream CVS (Markus Friedl): - Only send eow and no-more-sessions requests to openssh 5 and newer; fixes interop problems with broken ssh v2 implementations (closes: #495917). * Fix double-free when failing to parse a forwarding specification given using ~C (closes: #505330; forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=1539). Checksums-Sha1: 56eb2414098de3c598fc0152d86c7cefd6d8fabc 1500 openssh_5.1p1-4.dsc 09d556c0772e15bc39330312d2b7ef939c0519d0 215803 openssh_5.1p1-4.diff.gz ba334b7acf58316460e3a6b5e34b1e2356a12ace 1202 ssh_5.1p1-4_all.deb 9ee8b102d55ff44bb7c0cd81495d61ae5d5d5020 115316 ssh-krb5_5.1p1-4_all.deb 9dd317a1487bcc50fc39df0f0fbd46dcbb1c8121 815804 openssh-client_5.1p1-4_i386.deb b42a22d64f8214e4f83f16b4aac762a337a3d106 294982 openssh-server_5.1p1-4_i386.deb 43c618ff8514739dc396df8f350d31a5700aa45d 122846 ssh-askpass-gnome_5.1p1-4_i386.deb be2955a313e2ca3f87df21c500ead5b3ae452515 177222 openssh-client-udeb_5.1p1-4_i386.udeb e4e83ee4496aba9992b38374283aaafd58ec2cdd 198788 openssh-server-udeb_5.1p1-4_i386.udeb Checksums-Sha256: f367771afac21a1f33089627cbeb2d7e5fcf55aeac12ddaf5c734d652e154e21 1500 openssh_5.1p1-4.dsc e399bd90838350cc2a0ba15f936a85a432fd75e9f5f1aeb8df3d05a0d76be043 215803 openssh_5.1p1-4.diff.gz 935fa746ac6c7320605f7c3cf9c378dedaa53058a45af5dc5fde978ab63730cc 1202 ssh_5.1p1-4_all.deb e3911ab85be44f97c2d4875a84ffe9d4e26ac8e5fca45e3c2eeaa2a8276964bb 115316 ssh-krb5_5.1p1-4_all.deb 61969b9dac1d6f9bb7c3aaffe5baf39ec3e2fb0b2ffce03c7ea7df4a52d8fcb0 815804 openssh-client_5.1p1-4_i386.deb ce8c408d4a9d112f6ca30c95e835fddff46bc25ab4319a6fbb3c007952ecb49f 294982 openssh-server_5.1p1-4_i386.deb 46c6932c747b1b1eb49d3f75fe73795c717fe11503254a65a5c75a2958398bd8 122846 ssh-askpass-gnome_5.1p1-4_i386.deb ba7912ef93ccabb554acccdcc24bd6657771a9da8409278b0a21cbdf504f4955 177222 openssh-client-udeb_5.1p1-4_i386.udeb af7ee2e663f656edeb9aa146f0edb6d7355a81c76cee9e77646037c8a7c79119 198788 openssh-server-udeb_5.1p1-4_i386.udeb Files: 744b60d3a77bdb2e66d9077e80af9704 1500 net standard openssh_5.1p1-4.dsc 4ece2314205ae8e012c38382dd7aff3c 215803 net standard openssh_5.1p1-4.diff.gz 781923a1c6484a520f04ccca8450e6ca 1202 net extra ssh_5.1p1-4_all.deb 1ceecc544c110721dc4dc1206c523c4a 115316 net extra ssh-krb5_5.1p1-4_all.deb c6612644a1a0d8df4307ba7cd042767a 815804 net standard openssh-client_5.1p1-4_i386.deb 18dc57c2b6aaffac1554f0b5a361601e 294982 net optional openssh-server_5.1p1-4_i386.deb 513af730861cf977537633e778582dc4 122846 gnome optional ssh-askpass-gnome_5.1p1-4_i386.deb fe0168f27cbe343bed4cd7a41e516e59 177222 debian-installer optional openssh-client-udeb_5.1p1-4_i386.udeb d1a88b498e5c3043ba9e85ad07e353a6 198788 debian-installer optional openssh-server-udeb_5.1p1-4_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iD8DBQFJKW4t9t0zAhD6TNERAg7rAJ9wMGX8o92RYSbQ7rONpNkU6q6oNwCePy7U P2cUat67UOkHS/Qa7CTHjmU= =qKcl -----END PGP SIGNATURE-----
--- End Message ---