Fedora has issued an advisory on October 1: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ The issue is fixed upstream in 8.8p1: https://www.openwall.com/lists/oss-security/2021/09/26/1 https://www.openssh.com/txt/release-8.8 https://www.openssh.com/security.html Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 8.8p1Whiteboard: (none) => MGA8TOO
Assigning to Guillaume for 'openssh'.
Assignee: bugsquad => guillomovitch
openSUSE has issued an advisory for this today (December 6): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BEK24NI33V77MMNQQN72LO2RGAF23X76/
openssh-8.8p1-1.mga9 uploaded for Cauldron by Guillaume on December 5. Patched package for Mageia 8 just uploaded by Guillaume. openssh-8.4p1-2.2.mga8 openssh-clients-8.4p1-2.2.mga8 openssh-askpass-gnome-8.4p1-2.2.mga8 openssh-askpass-common-8.4p1-2.2.mga8 openssh-server-8.4p1-2.2.mga8 from openssh-8.4p1-2.2.mga8.src.rpm
Version: Cauldron => 8Status comment: Fixed upstream in 8.8p1 => (none)Whiteboard: MGA8TOO => (none)CC: (none) => guillomovitchAssignee: guillomovitch => qa-bugs
CC: (none) => mageia
Installed and tested without issues. System: Mageia 8, x86_64, Intel CPU. Tested on several servers, VMs and containers, both as client and server. Tested using ssh CLI, ansible, virsh, X11 forwarding, port forwarding, etc. Tested systemd socket activation. Tested ssh-agent and ask password GUI. Tested authentication using passwords (enabled just for testing) and keys. No regressions found. $ uname -a Linux marte 5.15.6-desktop-2.mga8 #1 SMP Sat Dec 4 17:31:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep openssh | sort lxqt-openssh-askpass-0.16.0-2.mga8 openssh-8.4p1-2.2.mga8 openssh-askpass-common-8.4p1-2.2.mga8 openssh-askpass-qt5-2.1.0-9.mga8 openssh-clients-8.4p1-2.2.mga8 openssh-server-8.4p1-2.2.mga8
Whiteboard: (none) => MGA8-64-OK
MGA6-64 Plasma on Lenovo B50 in Dutch No instalation isssues Testing locally on this machine: # systemctl start sshd # systemctl -l status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-12-16 15:53:45 CET; 13min ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 6110 (sshd) Tasks: 1 (limit: 9396) Memory: 1.0M CPU: 166ms CGroup: /system.slice/sshd.service └─6110 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: error: maximum authentication attempts exceeded for invalid user tester8@ from 192.168.2.5 port 50028 ssh2 [preauth] dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: Disconnecting invalid user tester8@ 192.168.2.5 port 50028: Too many authentication failures [preauth] dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.5 dec 16 16:05:17 mach5.hviaene.thuis sshd[7775]: Connection closed by 192.168.2.5 port 50030 [preauth] dec 16 16:05:32 mach5.hviaene.thuis sshd[7858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.5 user=tester8 dec 16 16:05:34 mach5.hviaene.thuis sshd[7854]: error: PAM: Authentication failure for tester8 from 192.168.2.5 dec 16 16:05:38 mach5.hviaene.thuis sshd[7854]: Accepted keyboard-interactive/pam for tester8 from 192.168.2.5 port 50032 ssh2 dec 16 16:05:38 mach5.hviaene.thuis sshd[7854]: pam_unix(sshd:session): session opened for user tester8 by (uid=0) dec 16 16:06:41 mach5.hviaene.thuis sshd[7949]: Accepted keyboard-interactive/pam for tester8 from 192.168.2.5 port 50034 ssh2 dec 16 16:06:41 mach5.hviaene.thuis sshd[7949]: pam_unix(sshd:session): session opened for user tester8 by (uid=0) As normal user: $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/tester8/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/tester8/.ssh/id_rsa Your public key has been saved in /home/tester8/.ssh/id_rsa.pub The key fingerprint is: etc.... Then I coulld connect from root to my normal user. Seems OK.
CC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0561.html
Status: NEW => RESOLVEDResolution: (none) => FIXED