This patch is unnecessary with OpenSSH 6.5p1 and newer, because kbdint_alloc now uses xcalloc rather than xmalloc and thus zeroes the entire structure. The regression fix was thus only needed for precise and not for later releases; I'll drop it from wily shortly when resyncing with unstable, in the cause of keeping a smaller delta against upstream.
-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1485719

Title:
  Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Precise:
  Fix Released
Status in openssh source package in Trusty:
  Fix Released
Status in openssh source package in Vivid:
  Fix Released
Status in openssh source package in Wily:
  Fix Released

Bug description:
  In Ubuntu 12.04, the fix for CVE-2015-5600[1] just hit upstream in package openssh-server_5.9p1-5ubuntu1.6, breaking authentication mechanisms that rely on the keyboard-interactive method. This patch introduces the field 'devices_done' to the KbdintAuthctxt struct, but does not initialize the field in the kbdint_alloc() function. On Linux, this ends up filling that field with junk data.

  The attached patch against adds the initialization of the `devices_done` field alongside the existing initialization code.

  This has also been reported upstream.

  Reproducing:

  Install openssh-server_5.9p1-5ubuntu1.6
  Add an authentication mechanism that uses the keyboard-interactive method (like libpam-google-authenticator)
  Attempt to log in via the above mechanism.

  Instead of consistently prompting the user for input, it will sometimes fall straight through to password auth because the devices_done bit field is initialized with garbage data.

  Downgrading to openssh-server_5.9p1-5ubuntu1.4 solves the issue.

  [1]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
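
The failure mode described in the bug, as an added example (not OpenSSH code and not part of the original report). The struct is a simplified stand-in, and the device loop, the device count and the junk byte values are assumptions constructed so the run is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NUM_DEVICES 2   /* constructed device count */
/* Simplified stand-in for the auth context (assumption, not OpenSSH's struct). */
struct kbdint_ctx {
    unsigned int nreq;
    unsigned int devices_done;   /* bit i set: device i was already tried */
};

/* Models xmalloc returning recycled heap memory; `junk` is the constructed
 * byte the previous owner left behind, so each run is deterministic. */
static struct kbdint_ctx *junk_alloc(unsigned char junk) {
    struct kbdint_ctx *c = malloc(sizeof(*c));
    if (c == NULL) abort();
    memset(c, junk, sizeof(*c));
    return c;
}

/* Regressed allocator: the new field is never initialized. */
struct kbdint_ctx *alloc_regressed(unsigned char junk) {
    struct kbdint_ctx *c = junk_alloc(junk);
    c->nreq = 0;
    return c;
}

/* Patched allocator: explicit initialization beside the existing one. */
struct kbdint_ctx *alloc_patched(unsigned char junk) {
    struct kbdint_ctx *c = alloc_regressed(junk);
    c->devices_done = 0;
    return c;
}

/* First device not marked done, or -1 when none is left (assumed to mean
 * the server moves on to the next authentication method). */
int next_device(struct kbdint_ctx *c) {
    for (int i = 0; i < NUM_DEVICES; i++) {
        if (c->devices_done & (1u << i)) continue;
        c->devices_done |= 1u << i;
        return i;
    }
    return -1;
}

int main(void) {
    printf("regressed, junk 0xFF: %d\n", next_device(alloc_regressed(0xFF)));
    printf("regressed, junk 0x00: %d\n", next_device(alloc_regressed(0x00)));
    printf("patched,   junk 0xFF: %d\n", next_device(alloc_patched(0xFF)));
}
```

Allocating the context with a zeroing allocator, as the xcalloc change mentioned above does, gives the same result as alloc_patched for every field, including ones added later.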