** Changed in: libssh (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libssh in Ubuntu.
https://bugs.launchpad.net/bugs/1805348
Title:
Recent security update broke server-side keyboard-interactive
authentication
Status in libssh package in Ubuntu:
Fix Released
Status in libssh source package in Trusty:
Fix Released
Status in libssh source package in Xenial:
Fix Released
Status in libssh source package in Bionic:
Fix Released
Status in libssh source package in Cosmic:
Fix Released
Status in libssh package in Debian:
Fix Released
Bug description:
0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
keyboard-interactive authentication to completely break. See
https://bugs.libssh.org/T117 for details and a reproducer.
This was fixed upstream as part of the 0.8.5 release, so disco is
fine. For 16.04/18.04/18.10, please backport the fix:
https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
