Bug#906236: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote:
> Hi,
>
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
> we see
>
> Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from 1.2.3.4 port 39792 ssh2
> Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
>
> . Login fails:
>
> joostvb@home:~% ssh root@host
> Authentication failed.
>
> . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
>
> Behaviour observed on 2 of our machines. Possibly more debug information
> available; please ask.
>
> Bye,
>
> Joost
>

Joost,

Thanks to your detailed report and the supplementary information you
provided I have been able to determine the cause of the defect in the
patch for openssh 1:6.0p1-4+deb7u8. I have just uploaded a new openssh
(version 1:6.0p1-4+deb7u10) and published an updated advisory
(ELA-37-3).

With the additional information I received from you I was able to
perform much more thorough testing of these packages and specific
testing to ensure that the defect has been corrected.

Regards,

-Roberto

--
Roberto C. Sánchez