Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 615
Alerts This Week
Warning Icon 1 615

Ubuntu 23.10 USN-6599-1 low: openssl critical patch update

ubuntu
Calendar Grey January 25, 2024
Dist Ubuntu Esm H88
OpenSSH vulnerabilities resolved in several Debian releases to tackle SSH protocol weaknesses and prevent potential exploit scenarios.
A protocol flaw was fixed in Paramiko.

Summary

A protocol flaw was fixed in Paramiko.

Software Description:

- paramiko: Python SSH2 library

Details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH

protocol was vulnerable to a prefix truncation attack. If a remote attacker

was able to intercept SSH communications, extension negotiation messages

could be truncated, possibly leading to certain algorithms and features

being downgraded. This issue is known as the Terrapin attack. This update

adds protocol extensions to mitigate this issue.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   python3-paramiko                2.12.0-2ubuntu1.23.10.2

Ubuntu 22.04 LTS:
   python3-paramiko                2.9.3-0ubuntu1.2

Ubuntu 20.04 LTS:
   python3-paramiko                2.6.0-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6598-1

CVE-2023-48795

Severity
low
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6598-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.