group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1805348] [NEW] Recent security update broke server-side keyboard-interactive authentication

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <martin.pitt@xxxxxxxxxx>
Date: Tue, 27 Nov 2018 08:27:43 -0000
Reply-to: Bug 1805348 <1805348@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
keyboard-interactive authentication to completely break. See
https://bugs.libssh.org/T117 for details and a reproducer.

This was fixed upstream as part of the 0.8.5 release, so disco is fine.
For 16.04/18.04/18.10, please backport the fix:

  https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4

** Affects: libssh (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: libssh (Ubuntu Xenial)
     Importance: High
         Status: Triaged

** Affects: libssh (Ubuntu Bionic)
     Importance: High
         Status: Triaged

** Affects: libssh (Ubuntu Cosmic)
     Importance: High
         Status: Triaged

** Affects: libssh (Debian)
     Importance: Unknown
         Status: Unknown


** Tags: bionic cosmic regression-release xenial

** Tags added: bionic cosmic regression-release xenial

** Also affects: libssh (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: libssh (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: libssh (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: libssh (Ubuntu)
       Status: New => Fix Released

** Changed in: libssh (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: libssh (Ubuntu Bionic)
       Status: New => Triaged

** Changed in: libssh (Ubuntu Cosmic)
       Status: New => Triaged

** Changed in: libssh (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: libssh (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: libssh (Ubuntu Cosmic)
   Importance: Undecided => High

** Bug watch added: Debian Bug tracker #913870
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870

** Also affects: libssh (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1805348

Title:
  Recent security update broke server-side keyboard-interactive
  authentication

Status in libssh package in Ubuntu:
  Fix Released
Status in libssh source package in Xenial:
  Triaged
Status in libssh source package in Bionic:
  Triaged
Status in libssh source package in Cosmic:
  Triaged
Status in libssh package in Debian:
  Unknown

Bug description:
  0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
  keyboard-interactive authentication to completely break. See
  https://bugs.libssh.org/T117 for details and a reproducer.

  This was fixed upstream as part of the 0.8.5 release, so disco is
  fine. For 16.04/18.04/18.10, please backport the fix:

    https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions

Follow ups

[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication
From: Bug Watch Updater, 2019-02-05
[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication
From: Launchpad Bug Tracker, 2018-11-29
[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication
From: Launchpad Bug Tracker, 2018-11-29
[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication
From: Launchpad Bug Tracker, 2018-11-29
[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication
From: Marc Deslauriers, 2018-11-27