[USN-6560-2] OpenSSH vulnerabilities

Severity Medium
Affected Packages 12
CVEs 2

Several security issues were fixed in OpenSSH.

USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)

It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385)
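An added check, not part of the advisory or of Ubuntu's own tooling: OpenSSH advertises the strict key exchange mode that mitigates Terrapin by placing a role-specific pseudo-algorithm (kex-strict-s-v00@openssh.com for servers, kex-strict-c-v00@openssh.com for clients) in the kex_algorithms name-list of its KEXINIT message. The Python below parses an unencrypted KEXINIT packet as a scanner or a pcap would capture it and reports whether the peer advertises the marker; the packets it checks are constructed inline, not captured traffic.

```python
import struct

# Strict-kex markers OpenSSH places in the KEXINIT kex_algorithms name-list
# to signal the Terrapin (CVE-2023-48795) mitigation; they are role-specific.
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com", "client": "kex-strict-c-v00@openssh.com"}
SSH_MSG_KEXINIT = 20
NAME_LISTS = ["kex_algorithms", "server_host_key_algorithms",
              "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
              "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c"]

def unwrap_packet(data: bytes) -> bytes:
    """Strip unencrypted SSH binary-packet framing (RFC 4253 s.6), return payload."""
    (packet_len,) = struct.unpack(">I", data[:4])
    padding_len = data[4]
    return data[5:5 + packet_len - padding_len - 1]

def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload (RFC 4253 s.7.1) into its ten name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    pos, fields = 17, {}  # skip the message byte and the 16-byte cookie
    for name in NAME_LISTS:
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + length].decode("ascii")
        fields[name] = raw.split(",") if raw else []  # empty list, not [""]
        pos += 4 + length
    return fields

def advertises_strict_kex(packet: bytes, role: str) -> bool:
    """True if the peer (acting as `role`) advertises strict key exchange."""
    kex = parse_kexinit(unwrap_packet(packet))["kex_algorithms"]
    return STRICT_KEX[role] in kex

def build_kexinit_packet(kex: str) -> bytes:
    """Constructed (not captured) framed KEXINIT with the given kex_algorithms."""
    def name_list(s: str) -> bytes:
        return struct.pack(">I", len(s)) + s.encode("ascii")
    lists = [kex, "ssh-ed25519", "aes128-ctr", "aes128-ctr",
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    payload = (bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # message type + cookie
               + b"".join(name_list(s) for s in lists)
               + b"\x00" + b"\x00\x00\x00\x00")  # first_kex_packet_follows, reserved
    padding_len = 8 - (len(payload) + 5) % 8  # block-align to 8 bytes, at least 4
    padding_len += 8 if padding_len < 4 else 0
    header = struct.pack(">IB", len(payload) + padding_len + 1, padding_len)
    return header + payload + b"\x00" * padding_len

# Constructed samples: a patched server lists the marker, an unpatched one does not.
PATCHED_SERVER = build_kexinit_packet("curve25519-sha256,kex-strict-s-v00@openssh.com")
UNPATCHED_SERVER = build_kexinit_packet("curve25519-sha256")
```

On a live host the same functions apply to the first packet the peer sends after the version-string exchange, before any encryption is negotiated.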

ID
USN-6560-2
Severity
medium
Severity from
CVE-2023-51385
URL
https://ubuntu.com/security/notices/USN-6560-2
Published
2024-01-11T16:53:56
Modified
2024-01-11T16:53:56
Type      Package URL                                       Namespace  Name / Product       Version                   Distribution / Platform
Affected  pkg:deb/ubuntu/ssh?distro=xenial                  ubuntu     ssh                  < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/ssh?distro=bionic                  ubuntu     ssh                  < 7.6p1-4ubuntu0.7+esm3   bionic
Affected  pkg:deb/ubuntu/ssh-krb5?distro=xenial             ubuntu     ssh-krb5             < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/ssh-askpass-gnome?distro=xenial    ubuntu     ssh-askpass-gnome    < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/ssh-askpass-gnome?distro=bionic    ubuntu     ssh-askpass-gnome    < 7.6p1-4ubuntu0.7+esm3   bionic
Affected  pkg:deb/ubuntu/openssh-sftp-server?distro=xenial  ubuntu     openssh-sftp-server  < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/openssh-sftp-server?distro=bionic  ubuntu     openssh-sftp-server  < 7.6p1-4ubuntu0.7+esm3   bionic
Affected  pkg:deb/ubuntu/openssh-server?distro=xenial       ubuntu     openssh-server       < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/openssh-server?distro=bionic       ubuntu     openssh-server       < 7.6p1-4ubuntu0.7+esm3   bionic
Affected  pkg:deb/ubuntu/openssh-client?distro=xenial       ubuntu     openssh-client       < 7.2p2-4ubuntu2.10+esm5  xenial
Affected  pkg:deb/ubuntu/openssh-client?distro=bionic       ubuntu     openssh-client       < 7.6p1-4ubuntu0.7+esm3   bionic
Affected  pkg:deb/ubuntu/openssh-client-ssh1?distro=xenial  ubuntu     openssh-client-ssh1  < 7.2p2-4ubuntu2.10+esm5  xenial