[Bug 2028774] Re: ssh fails to load opensc-pkcs11.so

Marc Deslauriers 2028774 at bugs.launchpad.net
Wed Jul 26 20:25:35 UTC 2023 

One of the commits for the security fix for CVE-2023-28408 will now
attempt to mmap the library and search for the "C_GetFunctionList"
symbol before doing the dlopen. Unfortunately, dlopen allows specifying
just the library name and the dynamic linker will search for it, but the
new code just tries to open the filename directly.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28408

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2028774

Title:
  ssh fails to load opensc-pkcs11.so

Status in openssh package in Ubuntu:
  New

Bug description:
  I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config

  After the last update of openssh-client I now get:

  $ strace -o slogin.log slogin host
  lib_contains_symbol: open opensc-pkcs11.so: No such file or directory
  provider opensc-pkcs11.so is not a PKCS11 library
  (uwe at host) Password for uwe at host:

  
  $ grep -i pkcs11 slogin.log 
  read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603
  openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory)
  write(2, "provider opensc-pkcs11.so is not"..., 51) = 51

  $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: openssh-client 1:8.9p1-3ubuntu0.3
  ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17
  Uname: Linux 5.19.0-50-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jul 26 15:46:30 2023
  InstallationDate: Installed on 2022-08-25 (334 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
  RelatedPackageVersions:
   ssh-askpass       1:1.2.4.1-13
   libpam-ssh        N/A
   keychain          N/A
   ssh-askpass-gnome N/A
  SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions

More information about the foundations-bugs mailing list