weak preferred kex in 16.04 LTS

..maybe it's worth mentioning that there is no way to change this preferred kex list from the outside (in a client app) before it's being used. Hence the requirement for the patch.

Hi Fabien,

Can we make this public?

sure, done

any follow-up? anyone? I can probably prepare a debdiff but I can no longer sign it, my packager gpg key expired a long time ago.

The attachment "debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Could someone please have a look at this debdiff and maybe sponsor it? Thanks

I'm not sure if this should be an SRU or a security sponsored update; it feels like a good idea either way, though.

Thanks

Hi Fabian,

I'm okay with these re-orderings, except for the change to prefer ecdsa-sha2-nistp256 over ssh-rsa (and ssh-dss). openssh in 16.04 and 18.04 prefers the ssh-* algorithms over the ecdsa-sha2-nistp* algorithms (as reported by 'ssh -Q key').

Thanks.

I've now pushed packages to the https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages for xenial and artful that include the changes mentioned along with a fixe for CVE-2018-7750. Any feedback on these would be appreciated.

Thanks!

This bug was fixed in the package paramiko - 2.0.0-1ubuntu0.1

---------------
paramiko (2.0.0-1ubuntu0.1) artful-security; urgency=medium

  [Steve Beattie]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch:
      add testcases plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1 (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1 but
    makes it the least preferred kex for backward compatibility

 -- Steve Beattie <email address hidden> Fri, 16 Mar 2018 15:44:26 -0700

This bug was fixed in the package paramiko - 1.16.0-1ubuntu0.1

---------------
paramiko (1.16.0-1ubuntu0.1) xenial-security; urgency=medium

  [Steve Beattie]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch:
      add testcases plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1 (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1 but
    makes it the least preferred kex for backward compatibility

 -- Steve Beattie <email address hidden> Thu, 15 Mar 2018 14:23:22 -0700