[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
Colin Watson
cjwatson at canonical.com
Fri May 2 08:34:21 UTC 2014
openssh (1:6.6p1-4) unstable; urgency=medium
* Debconf translations:
- Spanish (thanks, Matías Bellone; closes: #744867).
* Apply upstream-recommended patch to fix bignum encoding for
curve25519-sha256 at libssh.org, fixing occasional key exchange failures.
-- Colin Watson <cjwatson at debian.org> Mon, 21 Apr 2014 21:29:53 +0100
** Also affects: openssh (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: openssh (Ubuntu Trusty)
Status: New => Triaged
** Changed in: openssh (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: openssh (Ubuntu Trusty)
Assignee: (unassigned) => Colin Watson (cjwatson)
** Changed in: openssh (Ubuntu Trusty)
Milestone: None => ubuntu-14.04.1
** Changed in: openssh (Ubuntu)
Status: Triaged => Fix Released
** Changed in: openssh (Ubuntu Trusty)
Status: Triaged => In Progress
** Description changed:
+ [Impact] Occasional key exchange failure with ED25519.
+ [Test Case] I don't have a clear one, but perhaps attempting lots of connections to a fixed server would do it.
+ [Regression Potential] We should test with an unpatched server to make sure that it properly falls back to skipping that key exchange method.
+
There's an occasional (one in 512 or so) key exchange failure in the
curve25519-sha256 key exchange method, which affects OpenSSH 6.5 and
6.6. Upstream gives more details here and has recommended that
distributors apply this patch:
- https://lists.mindrot.org/pipermail/openssh-unix-
+ https://lists.mindrot.org/pipermail/openssh-unix-
dev/2014-April/032494.html
We should issue this as an update for trusty.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1310781
Title:
bad bignum encoding for curve25519-sha256 at libssh.org
Status in “openssh” package in Ubuntu:
Fix Released
Status in “openssh” source package in Trusty:
In Progress
Bug description:
[Impact] Occasional key exchange failure with ED25519.
[Test Case] I don't have a clear one, but perhaps attempting lots of connections to a fixed server would do it.
[Regression Potential] We should test with an unpatched server to make sure that it properly falls back to skipping that key exchange method.
There's an occasional (one in 512 or so) key exchange failure in the
curve25519-sha256 key exchange method, which affects OpenSSH 6.5 and
6.6. Upstream gives more details here and has recommended that
distributors apply this patch:
https://lists.mindrot.org/pipermail/openssh-unix-
dev/2014-April/032494.html
We should issue this as an update for trusty.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1310781/+subscriptions
More information about the foundations-bugs
mailing list