Bug#702548: pu: package libssh/0.4.5-3+squeeze2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I'm planning to upload a fix for bug #698963 (CVE-2013-0176) in
stable-proposed-updates.
CVE-2013-0176 is about a DoS in the server code that can be triggered
in some situations.
Cheers
Laurent Bigonville
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Naur libssh-0.4.5.orig/debian/patches/CVE-2013-0176.patch libssh-0.4.5/debian/patches/CVE-2013-0176.patch
--- libssh-0.4.5.orig/debian/patches/CVE-2013-0176.patch 1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.4.5/debian/patches/CVE-2013-0176.patch 2013-03-01 10:55:34.655791206 +0100
@@ -0,0 +1,34 @@
+Fix CVE-2013-0176
+
+Original patch: http://git.libssh.org/projects/libssh.git/patch/?id=55b09f426417406bb25c0b9c474fbab1398b0dc8
+
+Patch based on backport from Marc Deslauriers
+
+diff -aur libssh-0.4.5.orig/libssh/server.c libssh-0.4.5/libssh/server.c
+--- libssh-0.4.5.orig/libssh/server.c 2010-07-13 10:15:57.000000000 +0200
++++ libssh-0.4.5/libssh/server.c 2013-03-01 10:30:39.751718858 +0100
+@@ -402,7 +402,11 @@
+ prv = session->rsa_key;
+ break;
+ default:
+- prv = NULL;
++ ssh_set_error(session,
++ SSH_FATAL,
++ "Could not determine the specified hostkey");
++ string_free(f);
++ return -1;
+ }
+
+ pub = publickey_from_privatekey(prv);
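Review bot: the early return in the `default:` case releases only `f` via `string_free(f)`, and the hunk does not show what else is live at that point, so confirm `f` is the only allocation that must be freed on this path and that nothing else leaks before `pub = publickey_from_privatekey(prv)` is reached in the success case. Also check that the bare `return -1` matches the convention the caller tests for: the companion hunk compares a result to `SSH_ERROR` while the check after it uses `< 0`, so either confirm `SSH_ERROR` is -1 in this tree or return `SSH_ERROR` here explicitly. The substance is right: with `prv = NULL` the old code fell straight through to `publickey_from_privatekey(prv)` with a NULL key, which is the path this patch closes.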
+@@ -530,7 +534,9 @@
+ }
+
+ ssh_list_kex(session, &session->client_kex);
+- crypt_set_algorithms_server(session);
++ if (crypt_set_algorithms_server(session) == SSH_ERROR) {
++ return -1;
++ }
+
+ if (dh_handshake_server(session) < 0) {
+ return -1;
+
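Review bot: the new `== SSH_ERROR` test on `crypt_set_algorithms_server(session)` is only effective if that function in 0.4.5 actually returns `SSH_ERROR` when no acceptable algorithm can be selected; the patch as posted touches only `libssh/server.c`, so confirm the 0.4.5 `crypt_set_algorithms_server` already has that failure return, otherwise the check is dead and the backport needs the corresponding hunk. Minor: the `return -1` here sets no error, so it relies on `crypt_set_algorithms_server` having called `ssh_set_error` itself, and the `== SSH_ERROR` form differs from the `dh_handshake_server(session) < 0` test two lines below; one convention would be cleaner.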
diff -Naur libssh-0.4.5.orig/debian/patches/series libssh-0.4.5/debian/patches/series
--- libssh-0.4.5.orig/debian/patches/series 2012-11-28 01:03:23.000000000 +0100
+++ libssh-0.4.5/debian/patches/series 2013-03-01 10:55:42.455791585 +0100
@@ -3,3 +3,4 @@
CVE-2012-4559.patch
CVE-2012-4561.patch
CVE-2012-4562.patch
+CVE-2013-0176.patch
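Review bot: the new entry follows the existing `CVE-YYYY-NNNN.patch` naming in `series`, which is fine; the patch file's free-form header (`Fix CVE-2013-0176`, `Original patch: <url>`, `Patch based on backport from Marc Deslauriers`) would be more useful in DEP-3 form (`Description:`, `Origin: backport, <upstream URL>`, `Bug-Debian: http://bugs.debian.org/698963`, `Author:`) so that upstream commit 55b09f426417406bb25c0b9c474fbab1398b0dc8 and the Debian bug number are machine-readable. The information is already all there; only the field names are missing.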