← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #27270

[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package libssh - 0.8.1-1ubuntu0.3

---------------
libssh (0.8.1-1ubuntu0.3) cosmic-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 27 Nov 2018
09:59:21 -0500

** Changed in: libssh (Ubuntu Cosmic)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10933

** Changed in: libssh (Ubuntu Trusty)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1805348

Title:
  Recent security update broke server-side keyboard-interactive
  authentication

Status in libssh package in Ubuntu:
  Fix Released
Status in libssh source package in Trusty:
  Fix Released
Status in libssh source package in Xenial:
  Fix Released
Status in libssh source package in Bionic:
  Triaged
Status in libssh source package in Cosmic:
  Fix Released
Status in libssh package in Debian:
  New

Bug description:
  0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
  keyboard-interactive authentication to completely break. See
  https://bugs.libssh.org/T117 for details and a reproducer.

  This was fixed upstream as part of the 0.8.5 release, so disco is
  fine. For 16.04/18.04/18.10, please backport the fix:

    https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions

References

  Thread PreviousDate PreviousThread Next