[Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

Marc Deslauriers 2052328 at bugs.launchpad.net
Mon Feb 5 13:38:14 UTC 2024


I believe this issue is caused by a bad backport in Oracle's
8.0p1-19.el8_9.2 package. I think their fix for CVE-2023-48795 isn't
properly adding kex-strict-s-v00@openssh.com to their KEX. Downgrading
the Ubuntu package works around the problem as that prevents the client
from offering kex-strict-c-v00@openssh.com.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  New

Bug description:
  Ubuntu 22.04 system connecting to an Oracle Linux v8 host.  The
  following error occurs regardless of the MACs specified (or not)
  in sshd_config:

  Corrupted MAC on input.
  ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect

  Presumably, this may happen on any RHEL v8 variant. Note that
  connecting to Enterprise Linux v7 works, as does connecting to other
  Ubuntu hosts. Downgrading to the previous version of openssh-client
  fixes the issue.

  apt install openssh-client=1:8.9p1-3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions
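
An added diagnostic example, not part of the original bug report or of either package: it reads client debug output and reports whether each side's KEXINIT carries the strict-KEX marker named in the comment above. It assumes the `debug2:` line format printed by the OpenSSH client with `ssh -vv`; both sample logs are constructed.

```python
import re

STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_SERVER = "kex-strict-s-v00@openssh.com"

# Constructed sample: client offers the marker, server omits its own.
SAMPLE_MISMATCH = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: MACs ctos: hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: MACs ctos: hmac-sha2-256
"""

# Constructed sample: both sides advertise their marker.
SAMPLE_BOTH = SAMPLE_MISMATCH.replace(
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha256," + STRICT_SERVER)

def parse_kex_proposals(debug_text):
    """Map 'client'/'server' to the KEX list from each KEXINIT proposal."""
    proposals, side = {}, None
    for line in debug_text.splitlines():
        header = re.search(r"debug2: (local client|peer server) KEXINIT proposal", line)
        if header:
            side = "client" if header.group(1) == "local client" else "server"
            continue
        kex = re.search(r"debug2: KEX algorithms: (\S+)", line)
        if kex and side:
            # Keep only the first KEX line seen under each proposal header.
            proposals.setdefault(side, kex.group(1).split(","))
    return proposals

def strict_kex_status(debug_text):
    """Return (client_offers, server_offers, verdict) for the strict-KEX markers."""
    p = parse_kex_proposals(debug_text)
    client = STRICT_CLIENT in p.get("client", [])
    server = STRICT_SERVER in p.get("server", [])
    if client and server:
        verdict = "both sides advertise strict KEX"
    elif client:
        verdict = "client offers strict KEX, server does not advertise it"
    elif server:
        verdict = "server advertises strict KEX, client does not offer it"
    else:
        verdict = "neither side advertises strict KEX"
    return client, server, verdict

if __name__ == "__main__":
    for name, log in (("mismatch", SAMPLE_MISMATCH), ("both", SAMPLE_BOTH)):
        print(name, strict_kex_status(log))
```

The client writes its debug output to stderr, so a real log can be captured with `ssh -vv user@host 2> ssh-debug.log`. The result shows only what each side advertises, not whether the server's sequence-number handling matches it.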



