On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote: > Hi, > > After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to > 6.0p1-4+deb7u8, > we see > > Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 > port 39792 ssh2 > Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as > argument [preauth] > > . Login fails: > > joostvb@home:~% ssh root@host > Authentication failed. > > . Downgrading back to 6.0p1-4+deb7u7 restores login functionality. > > Behaviour observed on 2 of our machines. Possibly more debug information > available; please ask. > > Bye, > > Joost > Joost,
Thanks to your detailed report and the supplementary information you provided I have been able to determine the cause of the defect in the patch for openssh 1:6.0p1-4+deb7u8. I have just uploaded a new openssh (version 1:6.0p1-4+deb7u10) and published an updated advisory (ELA-37-3). With the additional information I received from you I was able to perform much more thorough testing of these packages and specific testing to ensure that the defect has been corrected. Regards, -Roberto -- Roberto C. Sánchez