[Bug 1526357] Re: Fix broken handling of first_kex_follows clients
Launchpad Bug Tracker
1526357 at bugs.launchpad.net
Thu Dec 17 06:17:27 UTC 2015
This bug was fixed in the package openssh - 1:7.1p1-4
---------------
openssh (1:7.1p1-4) unstable; urgency=medium
* Backport upstream patch to unbreak connections with peers that set
first_kex_follows (LP: #1526357).
-- Colin Watson <cjwatson at debian.org> Tue, 15 Dec 2015 15:40:18 +0000
** Changed in: openssh (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1526357
Title:
Fix broken handling of first_kex_follows clients
Status in openssh package in Ubuntu:
Fix Released
Bug description:
OpenSSH versions between 6.8 and 7.1 inclusive have a regression that
breaks connections from clients that use SSH first_kex_follows
feature. This affects connections from the Dropbear SSH client
(dbclient), they fail with "bad hostkey signature" or similar. It may
affect ssh.com clients too.
This has been fixed in upstream in the attached patch, it would be
worthwhile including in Xenial if it's going to ship with the current
OpenSSH 7.1. Upstream change 1.115 http://cvsweb.openbsd.org/cgi-
bin/cvsweb/src/usr.bin/ssh/kex.c
https://bugzilla.mindrot.org/show_bug.cgi?id=2515#c6 Comment 6 is the
upstream bug report (ignore the rest of the bug about new diffie-
hellman algorithms)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1526357/+subscriptions
More information about the foundations-bugs
mailing list