Bug#729029: openssh: Memory corruption in AES-GCM support

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#729029: openssh: Memory corruption in AES-GCM support
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 08 Nov 2013 06:38:17 +0100
Message-id: <[🔎] 20131108053817.603.59308.reportbug@m25s06.vlinux.de>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 729029@bugs.debian.org

Package: openssh
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.openssh.com/txt/gcmrekey.adv

No CVE ID has been assigned yet.

AES-GCM support was introduced in 6.2, so oldstable and stable should
be fine (from http://www.openssh.com/txt/release-6.2):

| * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
|   SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
|   and aes256-gcm@openssh.com. It uses an identical packet format to the
|   AES-GCM mode specified in RFC 5647, but uses simpler and different
|   selection rules during key exchange.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#729029: openssh: Memory corruption in AES-GCM support
  - From: Colin Watson <cjwatson@debian.org>
- Processed: Re: Bug#729029: openssh: Memory corruption in AES-GCM support
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#729029: marked as done (openssh: CVE-2013-4548: Memory corruption in AES-GCM support)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#714526: Bug#708296: git-buildpackage: gbp-pull "sleeps" with git+ssh:// and ssh sockets
Next by Date: Processed: user debian-security@lists.debian.org, usertagging 729029 ...
Previous by thread: Bug#714526: Bug#708296: git-buildpackage: gbp-pull "sleeps" with git+ssh:// and ssh sockets
Next by thread: Bug#729029: openssh: Memory corruption in AES-GCM support
Index(es):
- Date
- Thread