[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#906236: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy

On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote:
> Hi,
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
> we see
>  Sep 17 10:47:13 host sshd[124622]: Failed publickey for root from port 39792 ssh2
>  Sep 17 10:47:13 host sshd[124622]: fatal: xfree: NULL pointer given as argument [preauth]
> .  Login fails:
>  joostvb@home:~% ssh root@host
>  Authentication failed.
> .  Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> Behaviour observed on 2 of our machines.  Possibly more debug information
> available; please ask.
> Bye,
> Joost

Thanks to your detailed report and the supplementary information you
provided I have been able to determine the cause of the defect in the
patch for openssh 1:6.0p1-4+deb7u8.  I have just uploaded a new openssh
(version 1:6.0p1-4+deb7u10) and published an updated advisory

With the additional information I received from you I was able to
perform much more thorough testing of these packages and specific
testing to ensure that the defect has been corrected.



Roberto C. Sánchez

Reply to: