Public bug reported: 0.8.4 and the backported fixes for CVE-2018-10933 cause server-side keyboard-interactive authentication to completely break. See https://bugs.libssh.org/T117 for details and a reproducer.
This was fixed upstream as part of the 0.8.5 release, so disco is fine. For 16.04/18.04/18.10, please backport the fix: https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4 ** Affects: libssh (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: libssh (Ubuntu Xenial) Importance: High Status: Triaged ** Affects: libssh (Ubuntu Bionic) Importance: High Status: Triaged ** Affects: libssh (Ubuntu Cosmic) Importance: High Status: Triaged ** Affects: libssh (Debian) Importance: Unknown Status: Unknown ** Tags: bionic cosmic regression-release xenial ** Tags added: bionic cosmic regression-release xenial ** Also affects: libssh (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: libssh (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: libssh (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: libssh (Ubuntu) Status: New => Fix Released ** Changed in: libssh (Ubuntu Xenial) Status: New => Triaged ** Changed in: libssh (Ubuntu Bionic) Status: New => Triaged ** Changed in: libssh (Ubuntu Cosmic) Status: New => Triaged ** Changed in: libssh (Ubuntu Xenial) Importance: Undecided => High ** Changed in: libssh (Ubuntu Bionic) Importance: Undecided => High ** Changed in: libssh (Ubuntu Cosmic) Importance: Undecided => High ** Bug watch added: Debian Bug tracker #913870 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870 ** Also affects: libssh (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1805348 Title: Recent security update broke server-side keyboard-interactive authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
