Google Guest Agent could be made to crash if it received specially
crafted network traffic.
Software Description:
- google-guest-agent: Google Compute Engine Guest Agent
Details:
Jakub Ciolek discovered that the Go Cryptography module included in
Google Guest Agent did not validate GSSAPI authentication requests during
SSH operations. An attacker could possibly use this issue to cause a
denial of service.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
google-guest-agent 20250506.01-0ubuntu1.1
Ubuntu 25.04
google-guest-agent 20250116.00-0ubuntu2.2
Ubuntu 24.04 LTS
google-guest-agent 20250116.00-0ubuntu1~24.04.3
Ubuntu 22.04 LTS
google-guest-agent 20250116.00-0ubuntu1~22.04.2
Ubuntu 20.04 LTS
google-guest-agent 20250116.00-0ubuntu1~20.04.0+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
google-guest-agent 20241011.01-0ubuntu1~18.04.0+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
google-guest-agent 20240716.00-0ubuntu1~16.04.0+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7956-1
CVE-2025-58181
Get the latest Linux and open source security news straight to your inbox.