========================================================================== Ubuntu Security Notice USN-7292-1 February 25, 2025
Several security issues were fixed in Dropbear
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in dropbear.
Software Description:
- dropbear: lightweight SSH2 server and client
Details:
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
dropbear 2020.81-5ubuntu0.1
dropbear-bin 2020.81-5ubuntu0.1
Ubuntu 20.04 LTS
dropbear 2019.78-2ubuntu0.1~esm1
Available with Ubuntu Pro
dropbear-bin 2019.78-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
dropbear 2017.75-3ubuntu0.1~esm1
Available with Ubuntu Pro
dropbear-bin 2017.75-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7292-1
CVE-2021-36369, CVE-2023-48795
Package Information:
https://launchpad.net/ubuntu/+source/dropbear/2020.81-5ubuntu0.1
OpenPGP_signature.asc
Description: OpenPGP digital signature
