[Pkg-openssl-devel] Bug#941688: openssl 1.1.1d security update breaks openssh login on old kernels
Sylvain Rochet
gradator at gradator.net
Thu Oct 3 20:56:54 BST 2019
Package: openssl
Version: 1.1.1d-0+deb10u1
Severity: minor
Tags: upstream
Dear Maintainer,
Upgrading from openssl 1.1.1c-1 to openssl 1.1.1d-0+deb10u1 on Debian
Buster breaks openssh login on systems running old kernels (3.16.x at
least).
This is due to the missing getrandom syscall on those kernels and
seccomp filter triggering on fallback implementation of the missing
syscall, reverting to 1.1.1c-1 fixes the issue.
This is currently being discussed upstream at:
https://github.com/openssl/openssl/issues/9984
It only affects old kernels so it's no big deal anyway.
Regards,
Sylvain
-- System Information:
Debian Release: 10.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.16.74 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssl depends on:
ii libc6 2.28-10
ii libssl1.1 1.1.1d-0+deb10u1
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20190110
-- no debconf information
More information about the Pkg-openssl-devel
mailing list