Public bug reported:

The automatic updates applied a new version of python3-crypto which now
breaks paramiko ssh connections.

The change log for crypto shows me this, which is exactly the error I am seeing.
python-crypto (2.6.1-6ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: throw exception when IV used with ECB or CTR
    - debian/patches/CVE-2013-7459.patch: force exception when IV used ECB/CTR
    - CVE-2013-7459.patch

 -- Emily Ratliff <emily.ratl...@canonical.com>  Tue, 14 Feb 2017 16:05:02 -0600

I found the upgrade from /var/log/apt/history.log
 Start-Date: 2017-02-17  07:04:27
 Commandline: /usr/bin/unattended-upgrade
 Upgrade: <clipped> python3-crypto:amd64 (2.6.1-6build1, 2.6.1-6ubuntu0.16.04.1), <clipped>
 End-Date: 2017-02-17  07:04:56


$ lsb_release -rd
Description:    Ubuntu 16.04.1 LTS
Release:        16.04

$ apt-cache policy python3-paramiko
python3-paramiko:
  Installed: 1.16.0-1
  Candidate: 1.16.0-1
  Version table:
 *** 1.16.0-1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
        100 /var/lib/dpkg/status
$ apt-cache policy python3-crypto
python3-crypto:
  Installed: 2.6.1-6ubuntu0.16.04.1
  Candidate: 2.6.1-6ubuntu0.16.04.1
  Version table:
 *** 2.6.1-6ubuntu0.16.04.1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.6.1-6build1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages


A simple test that should connect (and used to) but now doesn't:

Python 3.5.2 (default, Nov 17 2016, 17:05:23) 
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> ssh = paramiko.SSHClient()
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect("192.168.2.46", username='xxxx', password='xxxx')
Unknown exception: CTR mode needs counter parameter, not IV
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 1744, in run
    self.kex_engine.parse_next(ptype, m)
  File "/usr/lib/python3/dist-packages/paramiko/kex_group1.py", line 75, in parse_next
    return self._parse_kexdh_reply(m)
  File "/usr/lib/python3/dist-packages/paramiko/kex_group1.py", line 112, in _parse_kexdh_reply
    self.transport._activate_outbound()
  File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2074, in _activate_outbound
    engine = self._get_cipher(self.local_cipher, key_out, IV_out)
  File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 1649, in _get_cipher
    return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter)
  File "/usr/lib/python3/dist-packages/Crypto/Cipher/AES.py", line 94, in new
    return AESCipher(key, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/Crypto/Cipher/AES.py", line 59, in __init__
    blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
    self._cipher = factory.new(key, *args, **kwargs)
ValueError: CTR mode needs counter parameter, not IV

** Affects: paramiko (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1665752

Title:
  Cannot make simple connection with new python3-crypto version

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/paramiko/+bug/1665752/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
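
Added example, not part of the original report and not code from paramiko, PyCrypto or Ubuntu: the report ties the breakage to an unattended upgrade found in /var/log/apt/history.log, and this script performs that lookup for any package, returning the old and new versions and the command that ran the transaction. The function names `parse_history` and `upgrades_of` are hypothetical, and the sample log is constructed (only the python3-crypto entry reuses the values shown in the report).

```python
import re

# Constructed sample in /var/log/apt/history.log format. The python3-crypto
# entry reuses the report's values; example-tool and example-lib are made up.
SAMPLE_HISTORY = """\
Start-Date: 2017-02-16  06:51:10
Commandline: apt-get install example-tool
Install: example-tool:amd64 (1.0-1)
End-Date: 2017-02-16  06:51:14

Start-Date: 2017-02-17  07:04:27
Commandline: /usr/bin/unattended-upgrade
Upgrade: example-lib:amd64 (0.9-1, 0.9-2), python3-crypto:amd64 (2.6.1-6build1, 2.6.1-6ubuntu0.16.04.1)
End-Date: 2017-02-17  07:04:56
"""

# One "name:arch (versions)" item from an Install/Upgrade/Remove field.
ENTRY_RE = re.compile(
    r"(?P<name>[^\s:(),]+)(?::(?P<arch>[^\s()]+))?\s+\((?P<vers>[^)]*)\)")

def parse_history(text):
    """Split the log into transactions: one dict of fields per stanza."""
    transactions = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            transactions.append(fields)
    return transactions

def upgrades_of(text, package):
    """Return each upgrade of `package`: versions, start time, invoking command."""
    hits = []
    for tx in parse_history(text):
        for m in ENTRY_RE.finditer(tx.get("Upgrade", "")):
            if m.group("name") != package:
                continue
            old, _, new = m.group("vers").partition(", ")
            command = tx.get("Commandline", "")
            hits.append({"package": package, "arch": m.group("arch"),
                         "old": old, "new": new, "start": tx.get("Start-Date"),
                         "command": command,
                         "unattended": "unattended-upgrade" in command})
    return hits

if __name__ == "__main__":
    print(upgrades_of(SAMPLE_HISTORY, "python3-crypto"))
```

On a real host, pass the contents of /var/log/apt/history.log (and its rotated copies) as `text`; an entry with `unattended` set shows the version change arrived without an operator running apt.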
