** Description changed:
[Impact]
Here's what has been brought to my attention by a UA customer:
* Release:
Xenial/16.04LTS
* Openssh version:
7.2p2-4ubuntu2.10
* Fuzzer tool used:
https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html
(proprietary
debdiff to go over the ESM process by security team.
Thanks
- Eric
** Patch added: "xenial_lp1930286.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1930286/+attachment/5502934/+files/xenial_lp1930286.debdiff
--
You received this bug notification because you are a member of
** Changed in: openssh (Ubuntu Xenial)
Status: New => In Progress
** Description changed:
+ [Impact]
Here's what has been brought to my attention by a UA customer:
* Release:
Xenial/16.04LTS
* Openssh version:
7.2p2-4ubuntu2.10
* Fuzzer tool used:
https://www.synop
UA customer test pkg outcome:
"
We ran the Defensics test suite before and after installing the test packages.
We could observe two core dumps before the test package installation.
But after test package installation, core dumps were not generated.
Can you provide this package as the fix?
"
This
Hello Seth,
So far no production impact has been reported, for now it is only
reproducible using that particular fuzzer on xenial's openssh version.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bu
Hello Eric, thanks for doing the research on this issue.
Does the coredump look like this may be exploitable in some fashion?
Is the crash something that affects anything beyond the specific process
serving the client in question?
Thanks
--
You received this bug notification because you are a
