USN-7292-1

Details

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. (CVE-2021-36369)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH transport protocol implementation in Dropbear had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)

Affected Packages

Ubuntu:22.04:LTSdropbear

Fixed in:

2020.81-5ubuntu0.1

Ubuntu:Pro:18.04:LTSdropbear

Fixed in:

2017.75-3ubuntu0.1~esm1

Ubuntu:Pro:20.04:LTSdropbear

Fixed in:

2019.78-2ubuntu0.1~esm1

References

REPORThttps://ubuntu.com/security/CVE-2021-36369 REPORThttps://ubuntu.com/security/CVE-2023-48795 ADVISORYhttps://ubuntu.com/security/notices/USN-7292-1

USN-7292-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline