From owner-freebsd-security@freebsd.org Wed Mar 9 14:09:21 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85EA3AC9DCE for ; Wed, 9 Mar 2016 14:09:21 +0000 (UTC) (envelope-from list-freebsd-security@jyborn.se) Received: from mailgate.leissner.se (mailgate.leissner.se [212.3.1.210]) by mx1.freebsd.org (Postfix) with ESMTP id 211E8DE0 for ; Wed, 9 Mar 2016 14:09:20 +0000 (UTC) (envelope-from list-freebsd-security@jyborn.se) Received: from mailgate.leissner.se (localhost [127.0.0.1]) by mailgate.leissner.se (8.15.2/8.15.1) with ESMTP id u29E1SH9095284 for ; Wed, 9 Mar 2016 15:01:28 +0100 (CET) (envelope-from list-freebsd-security@jyborn.se) Received: (from uucp@localhost) by mailgate.leissner.se (8.15.2/8.15.1/Submit) id u29E1SPJ095283 for ; Wed, 9 Mar 2016 15:01:28 +0100 (CET) (envelope-from list-freebsd-security@jyborn.se) Received: from pol.leissner.se(192.71.29.17), claiming to be "pol-server.leissner.se" via SMTP by mailgate.leissner.se, id smtpdhyj4UD; Wed Mar 9 15:01:25 2016 Received: from localhost (pol-server.leissner.se [local]); by pol-server.leissner.se (OpenSMTPD) with ESMTPA id 07c9eb68; for ; Wed, 9 Mar 2016 15:01:25 +0100 (CET) Date: Wed, 9 Mar 2016 15:01:25 +0100 From: Peter To: "freebsd-security@freebsd.org" Subject: Re: openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE Message-ID: <20160309140125.GH13515@pol-server.leissner.se> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2016 14:09:21 -0000 On Wed, Mar 09, 2016 at 09:32:34PM +0900, Akihiro HIRANO wrote: > Hi, > > On 2016/03/09 19:59, Frank Möller wrote: > >I got the same problem here. > > > >After updating to FreeBSD 9.3-RELEASE-p37 sshd from the base system crashes by signal 11 > > when I connect to the server with an old ssh client (e.g. OpenSSH_4.5p1). > >Using a newer ssh client versions (e.g. OpenSSH_6.6.1p1 from FreeBSD 9.3-RELEASE-p10) > > the sshd works fine. > > Hum... I tried OpenSSH_6.6.1p1 client on 9.3-RELEASE-p37 > and OpenSSH_6.4p1 client on 10.0-RELEASE-p18. > Both clients cause sshd on 9.3-RELEASE-p37 crashed by signal 11. > > > Another admin states that postfix smtpd also has the same problem. > Using security/openssl is also a workaround for this case. A much worse problem, for me at least, is that 9.3-RELEASE-p37 makes apache crash with signal 11. I only tried this in a web server running https, so I don't know if apache running only http also crashes. Luckily I use freebsd-update, so I could solve the problem easily with freebsd-update rollback. Peter