Am Tue, Apr 30, 2024 at 06:04:34PM +0100 schrieb Steve McIntyre:
> Hi!
>
> On Tue, Dec 19, 2023 at 09:31:00AM +0100, Salvatore Bonaccorso wrote:
> >Source: python-asyncssh
> >Version: 2.10.1-2
> >Severity: important
> >Tags: security upstream
> >X-Debbugs-Cc: car...@debian.org, Debian Security Team
> ><t...@security.debian.org>
> >
> >Hi,
> >
> >The following vulnerability was published for python-asyncssh.
> >
> >CVE-2023-48795[0]:
> >| The SSH transport protocol with certain OpenSSH extensions, found in
> >| OpenSSH before 9.6 and other products, allows remote attackers to
> >| bypass integrity checks such that some packets are omitted (from the
> >| extension negotiation message), and a client and server may
> >| consequently end up with a connection for which some security
> >| features have been downgraded or disabled, aka a Terrapin attack.
> >| This occurs because the SSH Binary Packet Protocol (BPP),
> >| implemented by these extensions, mishandles the handshake phase and
> >| mishandles use of sequence numbers. For example, there is an
> >| effective attack against SSH's use of ChaCha20-Poly1305 (and CBC
> >| with Encrypt-then-MAC). The bypass occurs in
> >| chacha20-poly1...@openssh.com and (if CBC is used) the
> >| -e...@openssh.com MAC algorithms. This also affects Maverick Synergy
> >| Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh
> >| before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before
> >| 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and
> >| libssh2 through 1.11.0; and there could be effects on Bitvise SSH
> >| through 9.31.
>
> We wanted this fixed in Pexip, so I've taken a look at this bug.
>
> The upstream bugfix just needs a small rework so it applies cleanly to
> the version in bookworm. Here's a debdiff for that that in case it's
> useful.
Thanks Steve, I'm currently going through the longer tail
of open security issues in Bookworm, will release this
via a DSA in the next week.
Cheers,
Moritz
