Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 25.10 Go Cryptography Important Denial of Service Vuln USN-8519-1

ubuntu
Calendar Grey July 9, 2026
Dist Ubuntu Esm H88
Go Cryptography on Ubuntu faces significant risk from crafted traffic, leading to potential crashes requiring urgent updates.
Go Cryptography could be made to crash if it received specially crafted network traffic.

Summary

Go Cryptography could be made to crash if it received specially crafted

network traffic.

Software Description:

- golang-go.crypto: Supplementary Go cryptography libraries

Details:

Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly

handled SSH agent responses. An attacker could use this to cause a denial

of service. (CVE-2025-47913)

Yuichi Watanabe discovered that Go Cryptography incorrectly handled SSH

key exchanges. An attacker could use this to cause a denial of service.

(CVE-2025-22869)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  golang-golang-x-crypto-dev      1:0.25.0-1ubuntu0.1

Ubuntu 24.04 LTS
  golang-golang-x-crypto-dev      1:0.19.0-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  golang-golang-x-crypto-dev      1:0.0~git20211202.5770296-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  golang-golang-x-crypto-dev      1:0.0~git20200221.2aa609c-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  golang-go.crypto-dev            1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro
  golang-golang-x-crypto-dev      1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  golang-go.crypto-dev            1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro
  golang-golang-x-crypto-dev      1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8519-1

CVE-2025-22869, CVE-2025-47913

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8519-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.