[Bug 1310781] Update Released

[Scott Kitterman]

The verification of the Stable Release Update for openssh has completed
successfully and the package has now been released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regresssions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1310781

Title:
  bad bignum encoding for curve25519-sha256 at libssh.org

Status in “openssh” package in Ubuntu:
  Fix Released
Status in “openssh” source package in Trusty:
  Fix Released

Bug description:
  [Impact] Occasional key exchange failure with ED25519.
  [Test Case] I don't have a clear one, but perhaps attempting lots of connections to a fixed server would do it.
  [Regression Potential] We should test with an unpatched server to make sure that it properly falls back to skipping that key exchange method.

  There's an occasional (one in 512 or so) key exchange failure in the
  curve25519-sha256 key exchange method, which affects OpenSSH 6.5 and
  6.6.  Upstream gives more details here and has recommended that
  distributors apply this patch:

    https://lists.mindrot.org/pipermail/openssh-unix-
  dev/2014-April/032494.html

  We should issue this as an update for trusty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1310781/+subscriptions