CVE-2016-0787

Bug #1664812 reported by Brian Morton
Affects: libssh2 (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Brian Morton

Bug Description

The diffie_hellman_sha256 and diffie_hellman_sha1 functions in kex.c in libssh2 1.7.0 and prior improperly truncate secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
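The "bits/bytes confusion" is easiest to see in code. The following is an added example, not libssh2's code and not from this bug report: `bn_rand` is a hypothetical stand-in for libssh2's `_libssh2_bn_rand()` / OpenSSL `BN_rand()`, and the `group_order * 8 - 1` arithmetic is my reading of the changelog's "convert bytes to bits", not a quote from the patch. It measures how many bits the private DH exponent ends up with when the modulus size in bytes is handed to a function that expects bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BYTES 256  /* wide enough for a 2048-bit exponent */
/* Hypothetical stand-in for libssh2's _libssh2_bn_rand() / OpenSSL BN_rand().
 * NOT cryptographic (fixed-seed xorshift); it only lets us measure sizes. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL;
static uint8_t prng_byte(void) {
    prng_state ^= prng_state << 13; prng_state ^= prng_state >> 7;
    prng_state ^= prng_state << 17;
    return (uint8_t)(prng_state & 0xff);
}

/* Fill x (big-endian, MAX_BYTES wide) with a value of exactly `bits` bits:
 * surplus high bits masked off, top bit forced on, like BN_rand(top=0). */
static void bn_rand(uint8_t *x, int bits) {
    size_t nbytes = ((size_t)bits + 7) / 8;
    int excess = (int)(nbytes * 8) - bits;   /* 0..7 unused high bits */
    memset(x, 0, MAX_BYTES);
    for (size_t i = MAX_BYTES - nbytes; i < MAX_BYTES; i++)
        x[i] = prng_byte();
    x[MAX_BYTES - nbytes] &= (uint8_t)(0xffu >> excess);
    x[MAX_BYTES - nbytes] |= (uint8_t)(0x80u >> excess);
}

/* Bit length of the big-endian value in x. */
static int bn_num_bits(const uint8_t *x) {
    for (size_t i = 0; i < MAX_BYTES; i++) {
        int b = 0;
        for (uint8_t v = x[i]; v; v >>= 1) b++;
        if (b) return (int)(MAX_BYTES - 1 - i) * 8 + b;
    }
    return 0;
}

/* group_order is the size of the DH modulus p in BYTES: 128 for the 1024-bit
 * diffie-hellman-group1-sha1 modulus, 256 for a 2048-bit modulus. */
static int vulnerable_exponent_bits(int group_order) {
    uint8_t x[MAX_BYTES];
    bn_rand(x, group_order);          /* bug: byte count passed as bit count */
    return bn_num_bits(x);
}

static int fixed_exponent_bits(int group_order) {
    uint8_t x[MAX_BYTES];
    bn_rand(x, group_order * 8 - 1);  /* bits, one below |p| so that x < p */
    return bn_num_bits(x);
}
```

For group1 the vulnerable path yields a 128-bit exponent inside a 1024-bit group, which is the truncation the description refers to; the fixed path yields 1023 bits.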

Tags: patch


Changed in libssh2 (Ubuntu):
assignee: nobody → Brian Morton (rokclimb15)
information type: Public → Public Security
Revision history for this message
Brian Morton (rokclimb15) wrote :

Debdiff for Yakkety

The vuln has no specific known attack methods, so there is no public exploit available. Package tests have passed and I used a somewhat unusual method to explicitly regression test. Package php-ssh2 depends on libssh2.

<?php

$server = "ssh.host.name";

// DH Group1 SHA1 uses patched sha1 KEX; pinning it makes sure the
// regression test goes through the patched code path.
$methods = array(
    'kex' => 'diffie-hellman-group1-sha1'
);

// Make our connection
$connection = ssh2_connect($server, 22, $methods);

if (!$connection) die('Connection failed');

// Report what the server actually negotiated so the KEX choice is verified
$methods_neg = ssh2_methods_negotiated($connection);
echo "Keys negotiated with: {$methods_neg['kex']}\n";
echo "Client-to-server uses these methods:\n";
echo " Encryption: {$methods_neg['client_to_server']['crypt']}\n";
echo " Compression: {$methods_neg['client_to_server']['comp']}\n";
echo "Server-to-client uses these methods:\n";
echo " Encryption: {$methods_neg['server_to_client']['crypt']}\n";
echo " Compression: {$methods_neg['server_to_client']['comp']}\n";

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Debdiff for yakkety" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Changed in libssh2 (Ubuntu):
status: New → Confirmed
Brian Morton (rokclimb15) wrote :

Tweaked this debdiff changelog for Zesty upload. Same package version as Yakkety.

Brian Morton (rokclimb15) wrote :

Debdiff for xenial

Mathew Hodson (mhodson)
Changed in libssh2 (Ubuntu):
importance: Undecided → Medium
Seth Arnold (seth-arnold) wrote :

Thanks for these Brian; the shared yakkety and zesty versions are a complication though. I'll have to get advice before we can publish these.

Thanks

Brian Morton (rokclimb15) wrote :

No problem, just let me know if they need different versioning because of the potential conflict. I plan to produce one for trusty shortly. At this point, is the team encouraging CVE fixes for precise? This is not easy to exploit, so it might not be worth the review/publishing time.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libssh2 - 1.7.0-1ubuntu0.1

---------------
libssh2 (1.7.0-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden> Tue, 14 Feb 2017 22:51:13 -0500

Changed in libssh2 (Ubuntu):
status: Confirmed → Fix Released
Seth Arnold (seth-arnold) wrote :

Thanks Brian, we decided to put zesty's version number at 1.7.0-1ubuntu1.

If you're interested and have the time to work on precise, that'd be welcome, and we'd happily publish it.

Thanks

Brian Morton (rokclimb15) wrote :

Debdiff for trusty

Brian Morton (rokclimb15) wrote :
Seth Arnold (seth-arnold) wrote :

Brian, the trusty patch is actually an unsigned .dsc file, not a debdiff.

Thanks

Brian Morton (rokclimb15) wrote :

Seth, sorry about that. I think I was moving a little too quickly on that one. Corrected one attached.

Seth Arnold (seth-arnold) wrote :

Thanks Brian, I've published the updates for precise and trusty.
