USN-7292-1
- Source
- https://ubuntu.com/security/notices/USN-7292-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7292-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7292-1
- Related
- Published
- 2025-02-25T12:33:22.375933Z
- Modified
- 2025-02-25T12:33:22.375933Z
- Summary
- Several security issues were fixed in Dropbear
- Details
-
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. (CVE-2021-36369)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH transport protocol implementation in Dropbear had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)
- References
Affected packages
Ubuntu:Pro:18.04:LTS / dropbear
Package
- Name
- dropbear
- Purl
- pkg:deb/ubuntu/dropbear@2017.75-3ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2017.75-3ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "2017.75-3ubuntu0.1~esm1",
"binary_name": "dropbear"
},
{
"binary_version": "2017.75-3ubuntu0.1~esm1",
"binary_name": "dropbear-bin"
},
{
"binary_version": "2017.75-3ubuntu0.1~esm1",
"binary_name": "dropbear-bin-dbgsym"
},
{
"binary_version": "2017.75-3ubuntu0.1~esm1",
"binary_name": "dropbear-initramfs"
},
{
"binary_version": "2017.75-3ubuntu0.1~esm1",
"binary_name": "dropbear-run"
}
]
}
Ubuntu:Pro:20.04:LTS / dropbear
Package
- Name
- dropbear
- Purl
- pkg:deb/ubuntu/dropbear@2019.78-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.78-2ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "2019.78-2ubuntu0.1~esm1",
"binary_name": "dropbear"
},
{
"binary_version": "2019.78-2ubuntu0.1~esm1",
"binary_name": "dropbear-bin"
},
{
"binary_version": "2019.78-2ubuntu0.1~esm1",
"binary_name": "dropbear-bin-dbgsym"
},
{
"binary_version": "2019.78-2ubuntu0.1~esm1",
"binary_name": "dropbear-initramfs"
},
{
"binary_version": "2019.78-2ubuntu0.1~esm1",
"binary_name": "dropbear-run"
}
]
}
Ubuntu:22.04:LTS / dropbear
Package
- Name
- dropbear
- Purl
- pkg:deb/ubuntu/dropbear@2020.81-5ubuntu0.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2020.81-5ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2020.81-5ubuntu0.1",
"binary_name": "dropbear"
},
{
"binary_version": "2020.81-5ubuntu0.1",
"binary_name": "dropbear-bin"
},
{
"binary_version": "2020.81-5ubuntu0.1",
"binary_name": "dropbear-bin-dbgsym"
},
{
"binary_version": "2020.81-5ubuntu0.1",
"binary_name": "dropbear-initramfs"
},
{
"binary_version": "2020.81-5ubuntu0.1",
"binary_name": "dropbear-run"
}
]
}