JIRA Issue

[#XCI-139] Update GSI-OpenSSH to address double free memory vulnerability

Created: 06/15/2017  Updated: 07/12/2018

Status: Closed
Project: XSEDE Cyberinfrastructure Integration
Component/s: Globus Toolkit GSISSH Client/Server
Fix Version/s: PY7 (Sep '17 - Aug '18)

Type: XCI Agile Activity
Priority: Major
Reporter: Shava Smallen
Assignee: Unassigned
Resolution: Unresolved
Votes: 0

XSEDE Priority: -
Discussion Thread: https://www.xsede.org/web/staff/staff-message-board/-/message_boards/category/1587155
Public activity link: https://software.xsede.org/display/xci-139
Devel Repository: https://software.xsede.org/svn/xci/activities/xci-139/trunk/
Use Cases:
CAN-04: Open a command shell on a login server
Effort and Costs:
Staff Name (Lastname, Firstname) | Effort (person weeks) | Roles or Contributions | Status
Yekkirala, Venkatesh | 2 | 2 days of effort to lead and implement the activity (required) | started
Yekkirala, Venkatesh | 1 | one day of effort to draft user documentation (required) | none
Enstrom, Peter | 3 | 3 days of effort to test the software | none
Blau, Eric | .1 | prepare new GT meta-packages | none
Due by | Activity Deliverable
DSR | Design document*
TRR | Implemented Software Capability
TRR | Other type of deliverable
TRR | Deployment plan*
TRR | Test plan*
TRR | User documentation*
TRR (post) | TRR Baseline* (Shava)
Deployment | Deployment Baseline* (Shava)
Deployment | Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Planned Test Readiness Review Date:
Planned Complete Date:
Actual Complete Date:
Lead Tester: Shava Smallen
Test Plan: https://docs.google.com/a/cilogon.org/document/d/1BTfAZu-xWqZf3re1HTDPNipp6ZyLDIOtJMdL7wCRf2E/edit?usp=sharing
Deployment Plan: https://docs.google.com/document/d/1oM_3NpRMLS7va7v2bFjSZovt67jvZi3KboKiJkAqeZw/edit?usp=sharing
Test Report: https://docs.google.com/document/d/1Ov-Q1Jkb1BSrT9ZaGKtLOqZsV-H4rn5Z_LqsZRkVy1w/edit?usp=sharing
Component Version: 7.5p1b


Update to the latest version of GSI-OpenSSH, which addresses Fedora's patch to OpenSSH to support OpenSSL 1.1; that patch has the potential for a double free of memory, noted at:



There are comments for XCI-139 that can be viewed with XSEDE authentication.