Bug#906236: fatal regression in openssh (1:6.0p1-4+deb7u8) elts for 7/wheezy
On Mon, Sep 17, 2018 at 10:58:15AM +0200, Joost van Baal-Ilić wrote:
> After upgrading openssh on debian 7/wheezy from 6.0p1-4+deb7u7 to 6.0p1-4+deb7u8,
> we see
> Sep 17 10:47:13 host sshd: Failed publickey for root from 18.104.22.168 port 39792 ssh2
> Sep 17 10:47:13 host sshd: fatal: xfree: NULL pointer given as argument [preauth]
> . Login fails:
> joostvb@home:~% ssh root@host
> Authentication failed.
> . Downgrading back to 6.0p1-4+deb7u7 restores login functionality.
> Behaviour observed on 2 of our machines. Possibly more debug information
> available; please ask.
Thanks to your detailed report and the supplementary information you
provided I have been able to determine the cause of the defect in the
patch for openssh 1:6.0p1-4+deb7u8. I have just uploaded a new openssh
(version 1:6.0p1-4+deb7u10) and published an updated advisory
With the additional information I received from you I was able to
perform much more thorough testing of these packages and specific
testing to ensure that the defect has been corrected.
Roberto C. Sánchez