From owner-freebsd-security@freebsd.org  Tue Mar  8 09:45:55 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B8FFAC3B77
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Tue,  8 Mar 2016 09:45:55 +0000 (UTC)
 (envelope-from hirano@t.kanazawa-u.ac.jp)
Received: from mailwd01.kanazawa-u.ac.jp (mailwd01.kanazawa-u.ac.jp
 [133.28.3.23])
 (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DC908F02
 for <freebsd-security@freebsd.org>; Tue,  8 Mar 2016 09:45:54 +0000 (UTC)
 (envelope-from hirano@t.kanazawa-u.ac.jp)
Received: from mailvc04.kanazawa-u.ac.jp (mailvc04.kanazawa-u.ac.jp
 [133.28.3.94])
 by mailwd01.kanazawa-u.ac.jp (Postfix) with ESMTP id 8D2353C0314
 for <freebsd-security@freebsd.org>; Tue,  8 Mar 2016 18:34:40 +0900 (JST)
Received: from mailvc04.kanazawa-u.ac.jp (localhost [127.0.0.1])
 by localhost.kanazawa-u.ac.jp (Postfix) with ESMTP id 7E15142D75
 for <freebsd-security@freebsd.org>; Tue,  8 Mar 2016 18:34:40 +0900 (JST)
Received: from smtp01.kanazawa-u.ac.jp (smtp01.kanazawa-u.ac.jp [133.28.3.64])
 by mailvc04.kanazawa-u.ac.jp (Postfix) with ESMTP id 76E1C42D5D
 for <freebsd-security@freebsd.org>; Tue,  8 Mar 2016 18:34:40 +0900 (JST)
Received: from mail.se.kanazawa-u.ac.jp (mail.se.kanazawa-u.ac.jp
 [133.28.0.131])
 by smtp01.kanazawa-u.ac.jp (Postfix) with ESMTP id 71F8D11605A;
 Tue,  8 Mar 2016 18:34:40 +0900 (JST)
Received: from [192.168.1.197] (canes.ec.t.kanazawa-u.ac.jp [133.28.97.35])
 (Authenticated sender: hirano@se.kanazawa-u.ac.jp)
 by mail.se.kanazawa-u.ac.jp (Postfix) with ESMTPSA id B57F34E61B;
 Tue,  8 Mar 2016 18:34:35 +0900 (JST)
To: freebsd-security@freebsd.org
From: Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp>
Subject: openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE
Message-ID: <56DE9CA8.3010206@t.kanazawa-u.ac.jp>
Date: Tue, 8 Mar 2016 18:34:32 +0900
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: No
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 09:45:55 -0000

On FreeBSD 9.3-RELEASE-p37, sshd crashes by signal 11.

Mar  8 17:32:20 hostname kernel: pid 22651 (sshd), uid 0: exited on
signal 11

On FreeBSD 10.1-RELEASE-p30, sshd works fine.

As far as I have examined, the reason is OpenSSL in base system.
The following tests have been performed on FreeBSD 9.3-RELEASE-p37:

(1) sshd in base system crashes.
(2) openssh-portable from pkg which uses base OpenSSL library crashes.
(3) openssh-portable from ports with OpenSSL from pkg works fine.

Therefore, I suggest that the openssl library in base system
might have a problem.

Best Regards,
----
Akihiro HIRANO, Kanazawa University
hirano@t.kanazawa-u.ac.jp