Bad bignum encoding for <email address hidden>
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| openssh (Ubuntu) | Triaged | High | Unassigned | |
Bug Description
A patch for 6.6p1 was posted on the openssh list fixing a bug in the 25519 negotiation and changing the reported version to 6.6.1p1.
Future versions of openssh, version 6.6.1p1 itself, and other ssh software, such as libssh, will refuse to speak 25519 to anything which identifies itself as openssh 6.6p1 or 6.5p1.
The patch was posted for the express purpose of providing an easy update for 6.6p1 to avoid this bug.
Debian has updated sid to 6.6.1p1, and that should copy over to jessie soon. You can see their git for the details.
Both utopic and trusty should get this update quickly. And in trusty itself, not just -updates or -backports; notwithstanding the edit to the reported version it is a bug fix for 6.6p1.
Any backports or updates repos which have 6.6p1 also should get the update to 6.6.1p1.
Thank you for taking the time to report this bug and helping to make Ubuntu better.
> Debian has updated sid to 6.6.1p1, and that should copy over to jessie soon.
I only see 1:6.6p1-4, but this does include:
* Apply upstream-recommended patch to fix bignum encoding for
<email address hidden>, fixing occasional key exchange failures.
If this is the patch for which you filed this bug, then we should rename this bug accordingly, since as far as I can tell 6.6.1p1 hasn't been released yet, and this is confusing. It sounds like the patch itself can be cherry-picked to Trusty.
I see 1:6.6p1-4 in utopic-proposed, so the fix should hit Utopic soon.
I see a patch here, which we can cherry-pick to Trusty: http://sources.debian.net/src/openssh/1:6.6p1-4/debian/patches/curve25519-sha256-bignum-encoding.patch
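As an added example (not part of the bug report or of OpenSSH itself), the version rule stated in the description can be turned into an inventory check over collected SSH identification strings. The hosts and banners below are constructed samples, and the check reads only the announced version, so it cannot see a patch that was cherry-picked without a version change.

```python
import re

# Releases the bug description names as affected. 6.6.1p1 is the version
# string announced by the fixed build, so a third version component clears it.
AFFECTED = {(6, 5), (6, 6)}

# "SSH-protoversion-softwareversion[ SP comments]" identification string.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")


def is_affected(banner):
    """True if the banner announces OpenSSH 6.5/6.6, False for any other
    OpenSSH version, None if the peer is not recognisably OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    v = OPENSSH_RE.match(m.group(2))
    if not v:
        return None
    major, minor, third = int(v.group(1)), int(v.group(2)), v.group(3)
    return (major, minor) in AFFECTED and third is None


def audit(inventory):
    """Return the sorted hosts whose banner still announces an affected release."""
    return sorted(h for h, b in inventory.items() if is_affected(b))


# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE = {
    "192.0.2.10": "SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1",
    "192.0.2.11": "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
    "192.0.2.12": "SSH-2.0-OpenSSH_6.5",
    "192.0.2.13": "SSH-2.0-OpenSSH_6.7p1 Debian-5",
    "192.0.2.14": "SSH-2.0-libssh-0.6.3",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(host, SAMPLE[host])
```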