This bug was fixed in the package libssh - 0.8.1-1ubuntu0.3 --------------- libssh (0.8.1-1ubuntu0.3) cosmic-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions (LP: #1805348) - debian/patches/CVE-2018-10933-regression.patch: set correct state after sending INFO_REQUEST in src/server.c. - debian/patches/CVE-2018-10933-regression2.patch: add missing break in src/packet.c. - debian/patches/CVE-2018-10933-regression3.patch: set correct state after sending GSSAPI_RESPONSE in src/gssapi.c. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 27 Nov 2018 09:59:21 -0500 ** Changed in: libssh (Ubuntu Cosmic) Status: Triaged => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10933 ** Changed in: libssh (Ubuntu Trusty) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libssh in Ubuntu. https://bugs.launchpad.net/bugs/1805348 Title: Recent security update broke server-side keyboard-interactive authentication Status in libssh package in Ubuntu: Fix Released Status in libssh source package in Trusty: Fix Released Status in libssh source package in Xenial: Fix Released Status in libssh source package in Bionic: Triaged Status in libssh source package in Cosmic: Fix Released Status in libssh package in Debian: New Bug description: 0.8.4 and the backported fixes for CVE-2018-10933 cause server-side keyboard-interactive authentication to completely break. See https://bugs.libssh.org/T117 for details and a reproducer. This was fixed upstream as part of the 0.8.5 release, so disco is fine. For 16.04/18.04/18.10, please backport the fix: https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp