openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

Related Vulnerabilities: CVE-2018-15473  

Debian Bug report logs - #906236

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 15 Aug 2018 19:48:02 UTC

Severity: important

Tags: patch, security, upstream

Found in versions openssh/1:6.7p1-1, openssh/1:7.7p1-1

Fixed in versions openssh/1:7.7p1-4, openssh/1:7.4p1-10+deb9u4

Done: Sebastien Delafond <seb@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Wed, 15 Aug 2018 19:48:05 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Wed, 15 Aug 2018 19:48:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh: delay bailout for invalid authenticating user until after the packet
Date: Wed, 15 Aug 2018 21:44:26 +0200
Source: openssh
Version: 1:7.7p1-1
Severity: important
Tags: patch security upstream

Hi

See http://www.openwall.com/lists/oss-security/2018/08/15/5 for
details.

Upstream patch:

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Regards,
Salvatore



Marked as found in versions openssh/1:6.7p1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 15 Aug 2018 19:54:03 GMT) (full text, mbox, link).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#906236. (Fri, 17 Aug 2018 13:15:06 GMT) (full text, mbox, link).


Message #10 received at 906236-submitter@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 906236-submitter@bugs.debian.org
Subject: Bug #906236 in openssh marked as pending
Date: Fri, 17 Aug 2018 13:11:42 +0000
Control: tag -1 pending

Hello,

Bug #906236 in openssh reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619

------------------------------------------------------------------------
Fix user enumeration vulnerability

Apply upstream patch to delay bailout for invalid authenticating user
until after the packet containing the request has been fully parsed.

Closes: #906236

------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/906236



Added tag(s) pending. Request was from Colin Watson <cjwatson@debian.org> to 906236-submitter@bugs.debian.org. (Fri, 17 Aug 2018 13:15:06 GMT) (full text, mbox, link).


Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Fri, 17 Aug 2018 13:39:02 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 17 Aug 2018 13:39:02 GMT) (full text, mbox, link).


Message #17 received at 906236-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 906236-close@bugs.debian.org
Subject: Bug#906236: fixed in openssh 1:7.7p1-4
Date: Fri, 17 Aug 2018 13:34:41 +0000
Source: openssh
Source-Version: 1:7.7p1-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Aug 2018 14:09:32 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.7p1-4
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 906236
Changes:
 openssh (1:7.7p1-4) unstable; urgency=high
 .
   * Apply upstream patch to delay bailout for invalid authenticating user
     until after the packet containing the request has been fully parsed
     (closes: #906236).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Fri, 17 Aug 2018 18:33:02 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 17 Aug 2018 18:33:02 GMT) (full text, mbox, link).


Message #22 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 906236@bugs.debian.org
Subject: Re: Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
Date: Fri, 17 Aug 2018 20:28:27 +0200
Control: retitle -1 openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

This got CVE-2018-15473 assigned.

Regards,
Salvatore



Changed Bug title to 'openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet' from 'openssh: delay bailout for invalid authenticating user until after the packet'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 906236-submit@bugs.debian.org. (Fri, 17 Aug 2018 18:33:02 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Sun, 19 Aug 2018 08:36:13 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Sun, 19 Aug 2018 08:36:13 GMT) (full text, mbox, link).


Message #29 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 906236@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Sun, 19 Aug 2018 09:32:57 +0100
[Message part 1 (text/plain, inline)]
Hi,

> openssh: CVE-2018-15473: delay bailout for invalid authenticating
> user until after the packet

I've started on a patch for wheezy (WIP attached).

Would the security team be interested in one for stretch? If so, I can
return with a proposed debdiff.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
[CVE-2018-15473.patch (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 08:12:05 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 08:12:05 GMT) (full text, mbox, link).


Message #34 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 906236@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 09:08:46 +0100
Chris Lamb wrote:

> > openssh: CVE-2018-15473: delay bailout for invalid authenticating
> > user until after the packet
> 
> I've started on a patch for wheezy (WIP attached).
> 
> Would the security team be interested in one for stretch? If so, I can
> return with a proposed debdiff.

Gentle ping on this?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 08:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Sébastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 08:33:03 GMT) (full text, mbox, link).


Message #39 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Sébastien Delafond <seb@debian.org>
To: Chris Lamb <lamby@debian.org>
Cc: 906236@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 09:55:24 +0200
On Aug/19, Chris Lamb wrote:
> Would the security team be interested in one for stretch? If so, I can
> return with a proposed debdiff.

Sorry, missed your email about this. I'm actually done with the patch on
my end.

Cheers,

--Seb



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 08:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 08:36:03 GMT) (full text, mbox, link).


Message #44 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: Sébastien Delafond <seb@debian.org>
Cc: 906236@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 09:32:44 +0100
Hi Sébastien,

> Sorry, missed your email about this. I'm actually done with the patch on
> my end.

No problem. Just to clarify that:

 a) You will take the lead on stable/DSA.

 b) I'll carry on with LTS, etc.

Let me know if this is incorrect.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 08:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Sébastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 08:39:03 GMT) (full text, mbox, link).


Message #49 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Sébastien Delafond <seb@debian.org>
To: Chris Lamb <lamby@debian.org>
Cc: 906236@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 10:35:04 +0200
On Aug/21, Chris Lamb wrote:
>  a) You will take the lead on stable/DSA.
>  b) I'll carry on with LTS, etc.

Yes.

--Seb



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 10:42:04 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 10:42:04 GMT) (full text, mbox, link).


Message #54 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Chris Lamb <lamby@debian.org>, 906236@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 11:39:46 +0100
On Sun, Aug 19, 2018 at 09:32:57AM +0100, Chris Lamb wrote:
> Hi,
> 
> > openssh: CVE-2018-15473: delay bailout for invalid authenticating
> > user until after the packet
> 
> I've started on a patch for wheezy (WIP attached).
> 
> Would the security team be interested in one for stretch? If so, I can
> return with a proposed debdiff.

Your WIP mostly looks good, except:

> --- openssh-6.7p1.orig/auth4-pubkey.c
> +++ openssh-6.7p1/auth4-pubkey.c
> @@ -76,15 +76,11 @@ userauth_pubkey(Authctxt *authctxt)
>  	Buffer b;
>  	Key *key = NULL;
>  	char *pkalg, *userstyle;
> -	u_char *pkblob, *sig;
> +	u_char *pkblob, *sig = NULL;
>  	u_int alen, blen, slen;
>  	int have_sig, pktype;
>  	int authenticated = 0;
>  
> -	if (!authctxt->valid) {
> -		debug2("userauth_pubkey: disabled because of invalid user");
> -		return 0;
> -	}
>  	have_sig = packet_get_char();
>  	if (datafellows & SSH_BUG_PKAUTH) {
>  		debug2("userauth_pubkey: SSH_BUG_PKAUTH");
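
Review bot: "pkalg" and "pkblob" in these declarations stay uninitialised while "sig" gains "= NULL", yet "done:" frees all three. With the early "return 0" removed, every invalid-user request now runs through the parsing code, so initialising the other two pointers to NULL as well would keep any "goto done" taken before they are assigned from freeing garbage.
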
> @@ -131,6 +127,11 @@ userauth_pubkey(Authctxt *authctxt)
>  		} else {
>  			buffer_put_string(&b, session_id2, session_id2_len);
>  		}
> +		if (!authctxt->valid || authctxt->user == NULL) {
> +			debug2("%s: disabled because of invalid user",
> +			    __func__);
> +			goto done;
> +		}
>  		/* reconstruct packet */
>  		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
>  		xasprintf(&userstyle, "%s%s%s", authctxt->user,
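
Review bot: The new "goto done" in the have_sig branch leaves after "buffer_put_string(&b, ...)" has already written into "b", and the only "buffer_free(&b)" in the visible lines sits further down this branch rather than under "done:", so the invalid-user path leaks the buffer contents on every attempt. Call "buffer_free(&b);" immediately before this "goto done;".
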
> @@ -162,11 +163,14 @@ userauth_pubkey(Authctxt *authctxt)
>  		    buffer_len(&b))) == 1)
>  			authenticated = 1;
>  		buffer_free(&b);
> -		free(sig);
>  	} else {
>  		debug("test whether pkalg/pkblob are acceptable");
>  		packet_check_eom();
> -
> +		if (!authctxt->valid || authctxt->user == NULL) {
> +			debug2("%s: disabled because of invalid user",
> +			    __func__);
> +			goto done;
> +		}
>  		/* XXX fake reply and always send PK_OK ? */
>  		/*
>  		 * XXX this allows testing whether a user is allowed
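
Review bot: The "goto done" added after "packet_check_eom()" in the else branch needs a short comment saying that "b" is untouched on this path. No visible line in this branch writes to "b", so unlike the have_sig branch it must not gain a "buffer_free(&b)", and the comment would stop a later cleanup from adding one for symmetry. The blank line after "packet_check_eom();" that this hunk drops is also worth keeping for readability.
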
> @@ -192,6 +196,7 @@ done:
>  		key_free(key);
>  	free(pkalg);
>  	free(pkblob);
> +	free(sig);
>  	return authenticated;
>  }
>  
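
Review bot: "free(sig)" under "done:" now runs on every exit, including the else branch where no signature is ever read, so it is correct only together with the "sig = NULL" initialiser from the first hunk. The two changes have to travel together in any backport, and the cleanup call used there must be one that accepts NULL, as "free()" does.
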

This bit has the same memory leak problem that I noticed in Sébastien's
backport for stretch: https://bugzilla.mindrot.org/show_bug.cgi?id=2898,
but the backported fix needs to be different because we're working with
a buffer on the stack rather than a pointer to the buffer on the heap.
My suggestion to Sébastien was to add "buffer_free(&b);" before the new
"goto done;" in (only) the have_sig branch; this is a bit clunky, but
seems like the easiest solution.

-- 
Colin Watson                                       [cjwatson@debian.org]
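
The ordering that the commit message and the review above describe, as a simplified C model added here for illustration (not OpenSSH source and not any of the Debian patches): the packet is parsed completely before the invalid-user bailout, and the stack-based buffer is released before "goto done". The function names, the reduced packet layout and the sample packets are assumptions made for this example.

```c
/* Simplified model of a publickey userauth handler. Constructed for this
 * example; it is not OpenSSH source and the packet layout is reduced to
 * have_sig | string pkalg | string pkblob | [string sig]. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum outcome { AUTH_FAILURE, AUTH_SUCCESS, PACKET_FATAL };
static int live_allocs;                 /* heap blocks not yet released */

static void *track_alloc(size_t n) {
    void *p = malloc(n ? n : 1);
    if (p == NULL) abort();
    live_allocs++;
    return p;
}
static void track_free(void *p) { if (p != NULL) { live_allocs--; free(p); } }

/* As in the review: the struct sits on the stack, its data on the heap. */
struct buf { unsigned char *data; size_t len; };
static void buf_init(struct buf *b) { b->data = track_alloc(64); b->len = 0; }
static void buf_free(struct buf *b) { track_free(b->data); b->data = NULL; }

struct reader { const unsigned char *p; size_t left; };

/* Read a uint32-length-prefixed string; NULL means the packet is malformed. */
static unsigned char *get_string(struct reader *r, size_t *outlen) {
    uint32_t n;
    unsigned char *s;
    if (r->left < 4) return NULL;
    n = (uint32_t)r->p[0] << 24 | (uint32_t)r->p[1] << 16 |
        (uint32_t)r->p[2] << 8 | (uint32_t)r->p[3];
    if (n > r->left - 4) return NULL;
    s = track_alloc((size_t)n + 1);
    memcpy(s, r->p + 4, n);
    s[n] = '\0';
    r->p += 4 + n;
    r->left -= 4 + n;
    *outlen = n;
    return s;
}

static enum outcome userauth_pubkey_model(int user_valid,
    const unsigned char *pkt, size_t len) {
    struct reader r = { pkt, len };
    struct buf b;
    unsigned char *pkalg = NULL, *pkblob = NULL, *sig = NULL;
    size_t alen = 0, blen = 0, slen = 0;
    enum outcome result = PACKET_FATAL;   /* until the packet parses cleanly */
    int have_sig;

    /* No user_valid test up here: parsing comes first for every user. */
    if (r.left < 1) goto done;
    have_sig = *r.p++;
    r.left--;
    if ((pkalg = get_string(&r, &alen)) == NULL) goto done;
    if ((pkblob = get_string(&r, &blen)) == NULL) goto done;
    if (have_sig) {
        if ((sig = get_string(&r, &slen)) == NULL) goto done;
        if (r.left != 0) goto done;       /* trailing bytes: malformed */
        buf_init(&b);
        memcpy(b.data, "session-id", 10); /* stand-in for the signed data */
        b.len = 10;
        result = AUTH_FAILURE;
        if (!user_valid) {
            buf_free(&b);                 /* done: cannot reach a stack buffer */
            goto done;
        }
        /* Toy verification: the constructed packets use "good" as signature. */
        if (slen == 4 && memcmp(sig, "good", 4) == 0) result = AUTH_SUCCESS;
        buf_free(&b);
    } else {
        if (r.left != 0) goto done;
        result = AUTH_FAILURE;            /* key lookup omitted in this model */
    }
done:
    track_free(pkalg);
    track_free(pkblob);
    track_free(sig);                      /* NULL when no signature was read */
    return result;
}

/* Constructed sample packets. */
static const unsigned char PKT_GOOD[] =
    "\x01" "\0\0\0\x07" "ssh-rsa" "\0\0\0\x03" "key" "\0\0\0\x04" "good";
static const unsigned char PKT_BADLEN[] =   /* sig length field overruns */
    "\x01" "\0\0\0\x07" "ssh-rsa" "\0\0\0\x03" "key" "\0\0\0\xff" "good";

int main(void) {
    size_t n = sizeof PKT_BADLEN - 1;
    /* Malformed input must look the same for valid and invalid users. */
    int same = userauth_pubkey_model(1, PKT_BADLEN, n) ==
               userauth_pubkey_model(0, PKT_BADLEN, n);
    return (same && live_allocs == 0) ? 0 : 1;
}
```

Dropping the "buf_free(&b);" before the "goto done;" leaves live_allocs at 1 after each invalid-user request, which is the leak pointed out in the review.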



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 21 Aug 2018 17:21:03 GMT) (full text, mbox, link).


Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 21 Aug 2018 17:21:03 GMT) (full text, mbox, link).


Message #59 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: Colin Watson <cjwatson@debian.org>, 906236@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Re: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Date: Tue, 21 Aug 2018 18:19:09 +0100
Dear Colin et al.,

> This bit has the same memory leak problem that I noticed in Sébastien's
> backport for stretch

Great spot; thanks.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. (Fri, 24 Aug 2018 13:57:07 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 24 Aug 2018 13:57:07 GMT) (full text, mbox, link).


Message #64 received at 906236-close@bugs.debian.org (full text, mbox, reply):

From: Sebastien Delafond <seb@debian.org>
To: 906236-close@bugs.debian.org
Subject: Bug#906236: fixed in openssh 1:7.4p1-10+deb9u4
Date: Fri, 24 Aug 2018 13:52:09 +0000
Source: openssh
Source-Version: 1:7.4p1-10+deb9u4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Aug 2018 05:14:18 +0200
Source: openssh
Binary: openssh-client openssh-client-ssh4 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:7.4p1-10+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh4 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 906236
Changes:
 openssh (1:7.4p1-10+deb9u4) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team
   * CVE-2018-15473: fix username enumeration issue, initially reported
     by Dariusz Tytko and Michal Sajdak (Closes: #906236)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Mon, 17 Sep 2018 09:06:17 GMT) (full text, mbox, link).


Acknowledgement sent to Joost van Baal-Ilić <joostvb+debian-openssh@uvt.nl>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Mon, 17 Sep 2018 09:06:17 GMT) (full text, mbox, link).


Message #69 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Joost van Baal-Ilić <joostvb+debian-openssh@uvt.nl>
To: debian-lts@lists.debian.org, 906236@bugs.debian.org
Subject: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Date: Mon, 17 Sep 2018 10:58:15 +0200
[Message part 1 (text/plain, inline)]
Hi,

After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
we see

 Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh4
 Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]

.  Login fails:

 joostvb@home:~% ssh root@host
 Authentication failed.

.  Downgrading back to 6.0p1-4+deb7u7 restores login functionality.

Behaviour observed on 2 of our machines.  Possibly more debug information
available; please ask.

Bye,

Joost

-- 
Joost van Baal-Ilić                       http://abramowitz.uvt.nl/
                                                 Tilburg University
mailto:joostvb.uvt.nl                               The Netherlands
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#906236; Package src:openssh. (Tue, 18 Sep 2018 01:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Roberto C. Sánchez <roberto@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 18 Sep 2018 01:03:02 GMT) (full text, mbox, link).


Message #74 received at 906236@bugs.debian.org (full text, mbox, reply):

From: Roberto C. Sánchez <roberto@debian.org>
To: Joost van Baal-Ilić <joostvb+debian-openssh@uvt.nl>
Cc: debian-lts@lists.debian.org, 906236@bugs.debian.org
Subject: Re: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
Date: Mon, 17 Sep 2018 20:54:06 -0400
On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote:
> Hi,
> 
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
> we see
> 
>  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh4
>  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> 
> .  Login fails:
> 
>  joostvb@home:~% ssh root@host
>  Authentication failed.
> 
> .  Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> 
> Behaviour observed on 2 of our machines.  Possibly more debug information
> available; please ask.
> 
> Bye,
> 
> Joost
> 
Joost,

Thanks to your detailed report and the supplementary information you
provided I have been able to determine the cause of the defect in the
patch for openssh 1:6.0p1-4+deb7u8.  I have just uploaded a new openssh
(version 1:6.0p1-4+deb7u10) and published an updated advisory
(ELA-37-3).

With the additional information I received from you I was able to
perform much more thorough testing of these packages and specific
testing to ensure that the defect has been corrected.

Regards,

-Roberto

-- 
Roberto C. Sánchez



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 16 Oct 2018 07:28:01 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:11:58 2019; Machine Name: beach
