UA customer test pkg outcome: " We ran the Defensics test suite before and after installing the test packages. We could observe two core dumps before the test package installation. But after test package installation, core dumps were not generated. Can you provide this package as the fix? "
This concludes that xenial + commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 fixes their fuzzer segfault situation. - Eric -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1930286 Title: Defensics' synopsys fuzzer testing tool cause openssh to segfault Status in openssh package in Ubuntu: New Status in openssh source package in Xenial: New Bug description: Here's what has been brought to my attention by a UA customer: * Release: Xenial/16.04LTS * Openssh version: 7.2p2-4ubuntu2.10 * Fuzzer tool used: https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html (proprietary software) As of today, I have no access to a reproducer. Still working on getting access to one (if possible) in order to better understand what the failing test scenario is doing. * coredump: $ gdb $(which sshd) core.cic-1.domain.tld.1612566260.sshd.20731 ... Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `sshd: [net] '. Program terminated with signal SIGSEGV, Segmentation fault. #0 __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:136 136 ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory. (gdb) bt #0 __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:136 #1 0x00007fec25b241db in memcpy (__len=<optimized out>, __src=0x0, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:53 #2 aes_gcm_ctrl (c=0x558a7ae19758, type=<optimized out>, arg=<optimized out>, ptr=0x0) at e_aes.c:1189 #3 0x00007fec25b20897 in EVP_CIPHER_CTX_ctrl (ctx=ctx@entry=0x558a7ae19758, type=type@entry=18, arg=arg@entry=-1, ptr=ptr@entry=0x0) at evp_enc.c:619 #4 0x0000558a7953f54c in cipher_init (cc=cc@entry=0x558a7ae19750, cipher=0x558a797b3ef0 <ciphers+720>, key=0x0, keylen=32, iv=0x0, ivlen=<optimized out>, do_encrypt=0) at ../cipher.c:336 #5 0x0000558a7954521a in ssh_set_newkeys (ssh=ssh@entry=0x558a7ae18ef0, mode=mode@entry=0)at ../packet.c:919 #6 0x0000558a7955ae92 in kex_input_newkeys (type=<optimized out>, seq=<optimized out>, ctxt=0x558a7ae18ef0)at ../kex.c:434 #7 0x0000558a7954d269 in ssh_dispatch_run (ssh=ssh@entry=0x558a7ae18ef0, mode=0, done=0x558a7ae18278, ctxt=0x558a7ae18ef0) at ../dispatch.c:119 #8 0x0000558a7954d2b9 in ssh_dispatch_run_fatal (ssh=0x558a7ae18ef0, mode=<optimized out>, done=<optimized out>, ctxt=<optimized out>) at ../dispatch.c:140 #9 0x0000558a79502770 in do_ssh2_kex () at ../sshd.c:2744 #10 main (ac=<optimized out>, av=<optimized out>) at ../sshd.c:2301 (gdb) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1930286/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
