Control: tags -1 confirmed El 12/09/18 a las 10:36, Salvatore Bonaccorso escribió: > Source: openssh > Version: 1:6.7p1-5+deb8u6 > Severity: normal > > Hi > > DLA-1500-1 introduced the following regression: In cases where > ForwardX11 is enabled, say globally for all via ssh_config, or via > command line switch, but no DISPLAY is set (e.g. in cronjob), then newly > a > > > DISPLAY "(null)" invalid; disabling X11 forwarding > > is issued. > > root@jessie-amd64:~# unset DISPLAY > root@jessie-amd64:~# ssh -X root@localhost uname -a > DISPLAY "(null)" invalid; disabling X11 forwarding > Linux jessie-amd64 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64 GNU/Linux > root@jessie-amd64:~# > > Downgrading to 1:6.7p1-5+deb8u5 fixes the problem: > > root@jessie-amd64:~# unset DISPLAY > root@jessie-amd64:~# ssh -X root@localhost uname -a > Linux jessie-amd64 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64 GNU/Linux > root@jessie-amd64:~# > > This seem to be a specific regression in 1:6.7p1-5+deb8u6, the behaviour is not seen on > either unstable (1:7.8p1-1) or stretch (1:7.4p1-10+deb9u4), so maybe > one of the adressed issues misses a prerequisite commit? Taking a quick look at it, I suppose the bug relates to the CVE-2016-1908 fix. For the record, the bug is also present in ubuntu 14.04 (trusty), where I took the relevant patches from: root@ubuntu-trusty:/# unset DISPLAY ; ssh -X ubuntu@localhost uname -a DISPLAY "(null)" invalid; disabling X11 forwarding Linux ubuntu-trusty 4.17.0-3-amd64 #1 SMP Debian 4.17.17-1 (2018-08-18) x86_64 x86_64 x86_64 GNU/Linux root@ubuntu-trusty:/# unset DISPLAY ; ssh ubuntu@localhost uname -a Linux ubuntu-trusty 4.17.0-3-amd64 #1 SMP Debian 4.17.17-1 (2018-08-18) x86_64 x86_64 x86_64 GNU/Linux Thanks for your report! I will fix it ASAP. cheers, -- S
Attachment:
signature.asc
Description: PGP signature