
Ubuntu 22.04 LTS: USN-7292-1 High Risk: Dropbear Access Vulnerabilities

February 25, 2025
The Ubuntu Security Announcement USN-7293-1 tackles several vulnerabilities found in OpenSSH affecting the latest LTS releases.

Summary

Several security issues were fixed in dropbear.

Software Description:

- dropbear: lightweight SSH2 server and client

Details:

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   dropbear                        2020.81-5ubuntu0.1
   dropbear-bin                    2020.81-5ubuntu0.1

Ubuntu 20.04 LTS
   dropbear                        2019.78-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   dropbear-bin                    2019.78-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   dropbear                        2017.75-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   dropbear-bin                    2017.75-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7292-1

CVE-2021-36369, CVE-2023-48795

Severity
important

Ubuntu Security Notice USN-7292-1
