This bug was fixed in the package libssh -
0.8.0~20170825.94fa1e38-1ubuntu0.2
---------------
libssh (0.8.0~20170825.94fa1e38-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
- debian/patches/CVE-2018-10933-regression.patch: set correct state
after sending INFO_REQUEST in src/server.c.
- debian/patches/CVE-2018-10933-regression2.patch: add missing break in
src/packet.c.
- debian/patches/CVE-2018-10933-regression3.patch: set correct state
after sending GSSAPI_RESPONSE in src/gssapi.c.
-- Marc Deslauriers <[email protected]> Tue, 27 Nov 2018
10:01:15 -0500
** Changed in: libssh (Ubuntu Bionic)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805348
Title:
Recent security update broke server-side keyboard-interactive
authentication
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
