Cannot make simple connection with new python3-crypto version
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
paramiko (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The automatic updates applied a new version of python3-crypto which now breaks paramiko ssh connections.
The change log for crypto shows me this, which is exactly the error I am seeing.
python-crypto (2.6.1-
* SECURITY UPDATE: throw exception when IV used with ECB or CTR
- debian/
- CVE-2013-7459.patch
-- Emily Ratliff <email address hidden> Tue, 14 Feb 2017 16:05:02 -0600
I found the upgrade from /var/log/
Start-Date: 2017-02-17 07:04:27
Commandline: /usr/bin/
Upgrade: <clipped> python3-
End-Date: 2017-02-17 07:04:56
$ lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
$ apt-cache policy python3-paramiko
python3-paramiko:
Installed: 1.16.0-1
Candidate: 1.16.0-1
Version table:
*** 1.16.0-1 500
500 http://
500 http://
100 /var/lib/
$ apt-cache policy python3-crypto
python3-crypto:
Installed: 2.6.1-6ubuntu0.
Candidate: 2.6.1-6ubuntu0.
Version table:
*** 2.6.1-6ubuntu0.
500 http://
500 http://
100 /var/lib/
2.6.1-6build1 500
500 http://
A simple test that should connect (and used to) but now doesn't
Python 3.5.2 (default, Nov 17 2016, 17:05:23)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> ssh = paramiko.
>>> ssh.set_
>>> ssh.connect(
Unknown exception: CTR mode needs counter parameter, not IV
Traceback (most recent call last):
File "/usr/lib/
self.
File "/usr/lib/
return self._parse_
File "/usr/lib/
self.
File "/usr/lib/
engine = self._get_
File "/usr/lib/
return self._cipher_
File "/usr/lib/
return AESCipher(key, *args, **kwargs)
File "/usr/lib/
blockalgo.
File "/usr/lib/
self._cipher = factory.new(key, *args, **kwargs)
ValueError: CTR mode needs counter parameter, not IV
Thank you for taking the time to report this bug and helping to make Ubuntu better.
This has already been reported as bug 1665565, so I'm taking the liberty of marking this as a duplicate. Note that python-crypto 2.6.1-6ubuntu0. 16.04.2 has been released for 16.04 which backs down from throwing an exception to printing a warning, see bug 1665598 for more details.