Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 15 Aug 2018 21:44:26 +0200
Message-id: <[🔎] 153436226668.6714.11130467831594285376.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 906236@bugs.debian.org

Source: openssh
Version: 1:7.7p1-1
Severity: important
Tags: patch security upstream

Hi

See http://www.openwall.com/lists/oss-security/2018/08/15/5 for
details.

Upstream patch:

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: Bug #906236 in openssh marked as pending
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#906236: marked as done (openssh: delay bailout for invalid authenticating user until after the packet)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Processed: Re: Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Chris Lamb <lamby@debian.org>
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Chris Lamb <lamby@debian.org>
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Sébastien Delafond <seb@debian.org>
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Chris Lamb <lamby@debian.org>
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Sébastien Delafond <seb@debian.org>
- Bug#906236: marked as done (openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#873884: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config
Next by Date: Processed: found 906236 in 1:6.7p1-1
Previous by thread: Bug#873884: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config
Next by thread: Processed: Bug #906236 in openssh marked as pending
Index(es):
- Date
- Thread