Recent security update broke server-side keyboard-interactive authentication
Bug #1805348 reported by
Martin Pitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libssh (Debian) |
Fix Released
|
Unknown
|
|||
libssh (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Marc Deslauriers | ||
Xenial |
Fix Released
|
High
|
Marc Deslauriers | ||
Bionic |
Fix Released
|
High
|
Marc Deslauriers | ||
Cosmic |
Fix Released
|
High
|
Marc Deslauriers |
Bug Description
0.8.4 and the backported fixes for CVE-2018-10933 cause server-side keyboard-
This was fixed upstream as part of the 0.8.5 release, so disco is fine. For 16.04/18.04/18.10, please backport the fix:
https:/
CVE References
tags: | added: bionic cosmic regression-release xenial |
Changed in libssh (Ubuntu): | |
status: | New → Fix Released |
Changed in libssh (Ubuntu Xenial): | |
status: | New → Triaged |
Changed in libssh (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in libssh (Ubuntu Cosmic): | |
status: | New → Triaged |
Changed in libssh (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in libssh (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in libssh (Ubuntu Cosmic): | |
importance: | Undecided → High |
Changed in libssh (Debian): | |
status: | Unknown → New |
Changed in libssh (Ubuntu Xenial): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libssh (Ubuntu Bionic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libssh (Ubuntu Cosmic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libssh (Ubuntu Trusty): | |
status: | New → Triaged |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → High |
information type: | Public → Public Security |
Changed in libssh (Debian): | |
status: | New → Fix Released |
To post a comment you must log in.
Thanks for reporting this pitti, I'll prepare a regression fix!