Several security issues were fixed in dropbear.
Software Description:
- dropbear: lightweight SSH2 server and client
Details:
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
dropbear 2020.81-5ubuntu0.1
dropbear-bin 2020.81-5ubuntu0.1
Ubuntu 20.04 LTS
dropbear 2019.78-2ubuntu0.1~esm1
Available with Ubuntu Pro
dropbear-bin 2019.78-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
dropbear 2017.75-3ubuntu0.1~esm1
Available with Ubuntu Pro
dropbear-bin 2017.75-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7292-1
CVE-2021-36369, CVE-2023-48795
Get the latest Linux and open source security news straight to your inbox.