[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
Colin Watson
cjwatson at canonical.com
Fri May 2 08:34:21 UTC 2014
openssh (1:6.6p1-4) unstable; urgency=medium
* Debconf translations:
- Spanish (thanks, Matías Bellone; closes: #744867).
* Apply upstream-recommended patch to fix bignum encoding for
curve25519-sha256 at libssh.org, fixing occasional key exchange failures.
-- Colin Watson <cjwatson at debian.org> Mon, 21 Apr 2014 21:29:53 +0100
** Also affects: openssh (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: openssh (Ubuntu Trusty)
Status: New => Triaged
** Changed in: openssh (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: openssh (Ubuntu Trusty)
Assignee: (unassigned) => Colin Watson (cjwatson)
** Changed in: openssh (Ubuntu Trusty)
Milestone: None => ubuntu-14.04.1
** Changed in: openssh (Ubuntu)
Status: Triaged => Fix Released
** Changed in: openssh (Ubuntu Trusty)
Status: Triaged => In Progress
** Description changed:
+ [Impact] Occasional key exchange failure with ED25519.
+ [Test Case] I don't have a clear one, but perhaps attempting lots of connections to a fixed server would do it.
+ [Regression Potential] We should test with an unpatched server to make sure that it properly falls back to skipping that key exchange method.
+
There's an occasional (one in 512 or so) key exchange failure in the
curve25519-sha256 key exchange method, which affects OpenSSH 6.5 and
6.6. Upstream gives more details here and has recommended that
distributors apply this patch:
- https://lists.mindrot.org/pipermail/openssh-unix-
+ https://lists.mindrot.org/pipermail/openssh-unix-
dev/2014-April/032494.html
We should issue this as an update for trusty.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1310781
Title:
bad bignum encoding for curve25519-sha256 at libssh.org
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1310781/+subscriptions
More information about the Ubuntu-server-bugs
mailing list