Candidate: CVE-2019-16905
PublicDate: 2019-10-09 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905
 https://0day.life/exploits/0day-1009.html
 https://www.openssh.com/releasenotes.html
 https://www.openwall.com/lists/oss-security/2019/10/09/1
Description:
 OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an
 experimental key type, has a pre-authentication integer overflow if a
 client or server is configured to use a crafted XMSS key. This leads to
 memory corruption and local code execution because of an error in the XMSS
 key parsing algorithm. NOTE: the XMSS implementation is considered
 experimental in all released OpenSSH versions, and there is no supported
 way to enable it when building portable OpenSSH.
Ubuntu-Description:
Notes:
 mdeslaur> code isn't built in Ubuntu packages
Mitigation:
Bugs:
 https://bugzilla.suse.com/show_bug.cgi?id=1153537
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_openssh:
 upstream: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h
upstream_openssh: needs-triage
precise/esm_openssh: not-affected (code not present)
trusty_openssh: ignored (out of standard support)
trusty/esm_openssh: not-affected (code not present)
xenial_openssh: not-affected (code not present)
esm-infra/xenial_openssh: not-affected (code not present)
bionic_openssh: not-affected (code not present)
disco_openssh: not-affected (code not built)
devel_openssh: not-affected (code not built)

Patches_openssh-ssh1:
upstream_openssh-ssh1: ignored (frozen on openssh 7.5p)
precise/esm_openssh-ssh1: DNE
trusty_openssh-ssh1: DNE
trusty/esm_openssh-ssh1: DNE
xenial_openssh-ssh1: DNE
bionic_openssh-ssh1: not-affected (code not present)
disco_openssh-ssh1: not-affected (code not present)
devel_openssh-ssh1: not-affected (code not present)