[Bug 1665752] Re: Cannot make simple connection with new python3-crypto version

Hans Joachim Desserud 1665752 at bugs.launchpad.net
Fri Feb 17 22:23:46 UTC 2017 

*** This bug is a duplicate of bug 1665565 ***
    https://bugs.launchpad.net/bugs/1665565

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

This has already been reported as bug 1665565, so I'm taking the liberty
of marking this as a duplicate. Note that python-crypto
2.6.1-6ubuntu0.16.04.2 has been released for 16.04 which backs down from
throwing an exception to printing a warning, see bug 1665598 for more
details.

** Tags added: regression-update xenial

** This bug has been marked a duplicate of bug 1665565
   python-paramiko 1.16.0-1 incompatible with python-crypto  2.6.1-6ubuntu0.16.04.1

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to paramiko in Ubuntu.
https://bugs.launchpad.net/bugs/1665752

Title:
  Cannot make simple connection with new python3-crypto version

Status in paramiko package in Ubuntu:
  New

Bug description:
  The automatic updates applied a new version of python3-crypto which
  now breaks paramiko ssh connections.

  The change log for crypto shows me this, which is exactly the error I am seeing.
  python-crypto (2.6.1-6ubuntu0.16.04.1) xenial-security; urgency=medium

    * SECURITY UPDATE: throw exception when IV used with ECB or CTR
      - debian/patches/CVE-2013-7459.patch: force exception when IV used ECB/CTR
      - CVE-2013-7459.patch

   -- Emily Ratliff <emily.ratliff at canonical.com>  Tue, 14 Feb 2017
  16:05:02 -0600

  I found the upgrade from /var/log/apt/history.log
   Start-Date: 2017-02-17  07:04:27
   Commandline: /usr/bin/unattended-upgrade
   Upgrade: <clipped> python3-crypto:amd64 (2.6.1-6build1, 2.6.1-6ubuntu0.16.04.1), <clipped>
   End-Date: 2017-02-17  07:04:56

  
  $ lsb_release -rd
  Description:	Ubuntu 16.04.1 LTS
  Release:	16.04

  $ apt-cache policy python3-paramiko
  python3-paramiko:
    Installed: 1.16.0-1
    Candidate: 1.16.0-1
    Version table:
   *** 1.16.0-1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
          100 /var/lib/dpkg/status
  $ apt-cache policy python3-crypto
  python3-crypto:
    Installed: 2.6.1-6ubuntu0.16.04.1
    Candidate: 2.6.1-6ubuntu0.16.04.1
    Version table:
   *** 2.6.1-6ubuntu0.16.04.1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2.6.1-6build1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  
  A simple test that should connect (and used to) but now doesn't

  Python 3.5.2 (default, Nov 17 2016, 17:05:23) 
  [GCC 5.4.0 20160609] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import paramiko
  >>> ssh = paramiko.SSHClient()
  >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  >>> ssh.connect("192.168.2.46", username='xxxx', password='xxxx')
  Unknown exception: CTR mode needs counter parameter, not IV
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 1744, in run
      self.kex_engine.parse_next(ptype, m)
    File "/usr/lib/python3/dist-packages/paramiko/kex_group1.py", line 75, in parse_next
      return self._parse_kexdh_reply(m)
    File "/usr/lib/python3/dist-packages/paramiko/kex_group1.py", line 112, in _parse_kexdh_reply
      self.transport._activate_outbound()
    File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2074, in _activate_outbound
      engine = self._get_cipher(self.local_cipher, key_out, IV_out)
    File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 1649, in _get_cipher
      return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter)
    File "/usr/lib/python3/dist-packages/Crypto/Cipher/AES.py", line 94, in new
      return AESCipher(key, *args, **kwargs)
    File "/usr/lib/python3/dist-packages/Crypto/Cipher/AES.py", line 59, in __init__
      blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
    File "/usr/lib/python3/dist-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
      self._cipher = factory.new(key, *args, **kwargs)
  ValueError: CTR mode needs counter parameter, not IV

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/paramiko/+bug/1665752/+subscriptions

More information about the foundations-bugs mailing list