libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets

Related Vulnerabilities: CVE-2015-3146, CVE-2014-8132

Debian Bug report logs - #784404

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 6 May 2015 04:57:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version libssh/0.5.4-1

Fixed in version libssh/0.6.3-4.2

Done: Christopher Knadle <Chris.Knadle@coredump.us>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#784404; Package src:libssh. (Wed, 06 May 2015 04:57:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laurent Bigonville <bigon@debian.org>. (Wed, 06 May 2015 04:57:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets Hi,
Date: Wed, 06 May 2015 06:54:58 +0200
Source: libssh
Version: 0.5.4-1
Severity: important
Tags: security upstream fixed-upstream

the following vulnerability was published for libssh.

CVE-2015-3146[0]:
| null pointer dereference due to a logical error in the handling of a
| SSH_MSG_NEWKEYS and KEXDH_REPLY packets

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3146
[1] https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/

Regards,
Salvatore



Changed Bug title to 'libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets' from 'libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packetsHi,' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 May 2015 16:36:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#784404; Package src:libssh. (Mon, 02 Nov 2015 03:33:03 GMT)


Acknowledgement sent to Chris Knadle <Chris.Knadle@coredump.us>:
Extra info received and forwarded to list. Copy sent to Laurent Bigonville <bigon@debian.org>. (Mon, 02 Nov 2015 03:33:03 GMT)


Message #12 received at 784404@bugs.debian.org:

From: Chris Knadle <Chris.Knadle@coredump.us>
To: 784404@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, Mike Gabriel <sunweaver@debian.org>, Laurent Bigonville <bigon@debian.org>
Subject: libssh-4 0.6.5-0.1 available to fix CVE-2015-3146
Date: Mon, 2 Nov 2015 03:29:49 +0000
Greetings.

I have libssh 0.6.5-0.1 release available on mentors.debian.net which would
close #784404 (CVE-2015-3146) here:

   http://mentors.debian.net/package/libssh

A .debdiff of changes is attached.

I'd upload this if I could but I'm not a DD yet (I'm a DM).

Some notes:

  - Upstream has patches available for 0.5.x series releases here:
       https://www.libssh.org/security/patches/
    I would suggest looking at these as they likely could be used
    to fix libssh in Wheezy for CVE-2015-3146 and CVE-2014-8132.

  - libssh 0.6.5 contains patch files for 0.6.x for CVE-2015-3146
    that could be applied to the package for Jessie.

  - With the upstream release of libssh 0.7.0 the 0.6.x series is
    no longer being maintained; I have a libssh 0.7.2 package I've
    put together also.

Thanks
 -- Chris

-- 
Chris Knadle
Chris.Knadle@coredump.us
[libssh_0.6.5-0.1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#784404; Package src:libssh. (Mon, 16 Nov 2015 19:39:03 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Laurent Bigonville <bigon@debian.org>. (Mon, 16 Nov 2015 19:39:03 GMT)


Message #17 received at 784404@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 784404@bugs.debian.org
Cc: Chris Knadle <Chris.Knadle@coredump.us>, Salvatore Bonaccorso <carnil@debian.org>
Subject: libssh: diff for NMU version 0.6.3-4.2
Date: Mon, 16 Nov 2015 20:35:21 +0100
Control: tags 784404 + patch
Control: tags 784404 + pending

Dear maintainer,

Chris Knadle has prepared an NMU for libssh (versioned as 0.6.3-4.2)
and I've uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Carole King: I Feel The Earth Move
[libssh-0.6.3-4.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from gregor herrmann <gregoa@debian.org> to 784404-submit@bugs.debian.org. (Mon, 16 Nov 2015 19:39:04 GMT)


Added tag(s) pending. Request was from gregor herrmann <gregoa@debian.org> to 784404-submit@bugs.debian.org. (Mon, 16 Nov 2015 19:39:04 GMT)


Reply sent to Christopher Knadle <Chris.Knadle@coredump.us>:
You have taken responsibility. (Sat, 21 Nov 2015 21:27:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 21 Nov 2015 21:27:04 GMT)


Message #26 received at 784404-close@bugs.debian.org:

From: Christopher Knadle <Chris.Knadle@coredump.us>
To: 784404-close@bugs.debian.org
Subject: Bug#784404: fixed in libssh 0.6.3-4.2
Date: Sat, 21 Nov 2015 21:23:20 +0000
Source: libssh
Source-Version: 0.6.3-4.2

We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 784404@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Knadle <Chris.Knadle@coredump.us> (supplier of updated libssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Nov 2015 04:26:51 -0500
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc
Architecture: all source
Version: 0.6.3-4.2
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Christopher Knadle <Chris.Knadle@coredump.us>
Closes: 784404
Description: 
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dbg - tiny C SSH library. Debug symbols
 libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
 libssh-doc - tiny C SSH library. Documentation files
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
 libssh (0.6.3-4.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patches: Add 0002_CVE-2015-3146.patch from 0.6.5 release upstream
     (Closes: #784404)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 25 Dec 2015 07:25:30 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:53:52 2019; Machine Name: buxtehude
