USN-6560-2

Source
https://ubuntu.com/security/notices/USN-6560-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6560-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6560-2
Related
Published
2024-01-11T16:53:56.906191Z
Modified
2024-01-11T16:53:56.906191Z
Summary
openssh vulnerabilities
Details

USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. (CVE-2023-48795)

It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385)

References

Affected packages

Ubuntu:Pro:16.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.2p2-4ubuntu2.10+esm5

Affected versions

1:6.*

1:6.9p1-2
1:6.9p1-3

1:7.*

1:7.1p1-1
1:7.1p1-3
1:7.1p1-4
1:7.1p1-6
1:7.1p2-1
1:7.1p2-2
1:7.2p1-1
1:7.2p2-1
1:7.2p2-2
1:7.2p2-3
1:7.2p2-4
1:7.2p2-4ubuntu1
1:7.2p2-4ubuntu2.1
1:7.2p2-4ubuntu2.2
1:7.2p2-4ubuntu2.4
1:7.2p2-4ubuntu2.5
1:7.2p2-4ubuntu2.6
1:7.2p2-4ubuntu2.7
1:7.2p2-4ubuntu2.8
1:7.2p2-4ubuntu2.10
1:7.2p2-4ubuntu2.10+esm1
1:7.2p2-4ubuntu2.10+esm2
1:7.2p2-4ubuntu2.10+esm3
1:7.2p2-4ubuntu2.10+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client-ssh1"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client-ssh1-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client-udeb"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-client-udeb-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-server-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-server-udeb"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-server-udeb-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "openssh-sftp-server-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "ssh-askpass-gnome"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "ssh-askpass-gnome-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-4ubuntu2.10+esm5",
            "binary_name": "ssh-krb5"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.6p1-4ubuntu0.7+esm3

Affected versions

1:7.*

1:7.5p1-10
1:7.6p1-4
1:7.6p1-4ubuntu0.1
1:7.6p1-4ubuntu0.2
1:7.6p1-4ubuntu0.3
1:7.6p1-4ubuntu0.5
1:7.6p1-4ubuntu0.6
1:7.6p1-4ubuntu0.7
1:7.6p1-4ubuntu0.7+esm1
1:7.6p1-4ubuntu0.7+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-client-dbgsym"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-client-udeb"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-server-dbgsym"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-server-udeb"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "openssh-sftp-server-dbgsym"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "ssh-askpass-gnome"
        },
        {
            "binary_version": "1:7.6p1-4ubuntu0.7+esm3",
            "binary_name": "ssh-askpass-gnome-dbgsym"
        }
    ]
}