[USN-6738-1] LXD vulnerability
Severity: Medium
Affected Packages: 8
CVEs: 1
LXD could be made to bypass integrity checks if it received specially crafted input.
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/lxd?distro=xenial | < 2.0.11-0ubuntu1~16.04.4+esm1 |
pkg:deb/ubuntu/lxd?distro=bionic | < 3.0.3-0ubuntu1~18.04.2+esm1 |
pkg:deb/ubuntu/lxd-tools?distro=xenial | < 2.0.11-0ubuntu1~16.04.4+esm1 |
pkg:deb/ubuntu/lxd-tools?distro=bionic | < 3.0.3-0ubuntu1~18.04.2+esm1 |
pkg:deb/ubuntu/lxd-client?distro=xenial | < 2.0.11-0ubuntu1~16.04.4+esm1 |
pkg:deb/ubuntu/lxd-client?distro=bionic | < 3.0.3-0ubuntu1~18.04.2+esm1 |
pkg:deb/ubuntu/lxc2?distro=xenial | < 2.0.11-0ubuntu1~16.04.4+esm1 |
pkg:deb/ubuntu/golang-github-lxc-lxd-dev?distro=xenial | < 2.0.11-0ubuntu1~16.04.4+esm1 |
- ID: USN-6738-1
- Severity: medium
- Severity from: CVE-2023-48795
- URL: https://ubuntu.com/security/notices/USN-6738-1
- Published: 2024-04-22T09:47:43 (4 months ago)
- Modified: 2024-04-22T09:47:43 (4 months ago)

Other Advisories:
- ALAS-2023-1898
- ALAS2-2023-2376
- ALPINE:CVE-2023-48795
- ALSA-2024:0606
- ALSA-2024:0628
- ALSA-2024:1130
- ALSA-2024:1150
- DSA-5586-1
- DSA-5588-1
- DSA-5591-1
- DSA-5599-1
- DSA-5600-1
- DSA-5601-1
- DSA-5750-1
- ELSA-2024-0606
- ELSA-2024-0628
- ELSA-2024-1130
- ELSA-2024-1150
- ELSA-2024-12157
- ELSA-2024-12158
- ELSA-2024-12164
- ELSA-2024-12232
- ELSA-2024-12233
- ELSA-2024-2988
- FEDORA-2023-0733306be9
- FEDORA-2023-153404713b
- FEDORA-2023-20feb865d8
- FEDORA-2023-55800423a8
- FEDORA-2023-b87ec6cf47
- FEDORA-2023-cb8c606fbb
- FEDORA-2023-e77300e4b5
- FEDORA-2024-06ebb70bdd
- FEDORA-2024-2705241461
- FEDORA-2024-37627e432e
- FEDORA-2024-39a8c72ea9
- FEDORA-2024-3bb23c77f3
- FEDORA-2024-3fd1bc9276
- FEDORA-2024-71c2c6526c
- FEDORA-2024-7b08207cdb
- FEDORA-2024-7e301327c2
- FEDORA-2024-a53b24023d
- FEDORA-2024-ae653fb07b
- FEDORA-2024-d946b9ad25
- FEDORA-2024-fb32950d11
- FREEBSD:0F7598CC-9FE2-11EE-B47F-901B0E9408DC
- FREEBSD:13D83980-9F18-11EE-8E38-002590C1F29C
- FREEBSD:4EBDD56B-FE72-11EE-BC57-00E081B7AA2D
- FREEBSD:91955195-9EBB-11EE-BC14-A703705DB3A6
- FREEBSD:B5E22EC5-BC4B-11EE-B0B5-B42E991FC52E
- GLSA-202312-16
- GLSA-202312-17
- GLSA-202407-11
- GLSA-202407-12
- GO-2023-2402
- JENKINS:SECURITY-3333
- JENKINS:SECURITY-3386
- openSUSE-SU-2023:0411-1
- openSUSE-SU-2023:0421-1
- openSUSE-SU-2024:0005-1
- openSUSE-SU-2024:0008-1
- openSUSE-SU-2024:0036-1
- RHBA-2024:1127
- RHBA-2024:1136
- RHSA-2024:0606
- RHSA-2024:0628
- RHSA-2024:1130
- RHSA-2024:1150
- RHSA-2024:2988
- RLSA-2024:0606
- RLSA-2024:0628
- SSA:2023-353-01
- SSA:2023-354-01
- SUSE-SU-2023:4902-1
- SUSE-SU-2023:4903-1
- SUSE-SU-2023:4904-1
- SUSE-SU-2023:4905-1
- SUSE-SU-2023:4946-1
- SUSE-SU-2024:0006-1
- SUSE-SU-2024:0035-1
- SUSE-SU-2024:0140-1
- SUSE-SU-2024:0210-1
- SUSE-SU-2024:0224-1
- SUSE-SU-2024:0327-1
- SUSE-SU-2024:0430-1
- SUSE-SU-2024:0460-1
- SUSE-SU-2024:0525-1
- SUSE-SU-2024:0539-1
- SUSE-SU-2024:0543-1
- SUSE-SU-2024:0558-1
- SUSE-SU-2024:0972-1
- SUSE-SU-2024:0974-1
- USN-6560-1
- USN-6560-2
- USN-6561-1
- USN-6585-1
- USN-6589-1
- USN-6598-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/lxd?distro=xenial | ubuntu | lxd | < 2.0.11-0ubuntu1~16.04.4+esm1 | xenial | ||
Affected | pkg:deb/ubuntu/lxd?distro=bionic | ubuntu | lxd | < 3.0.3-0ubuntu1~18.04.2+esm1 | bionic | ||
Affected | pkg:deb/ubuntu/lxd-tools?distro=xenial | ubuntu | lxd-tools | < 2.0.11-0ubuntu1~16.04.4+esm1 | xenial | ||
Affected | pkg:deb/ubuntu/lxd-tools?distro=bionic | ubuntu | lxd-tools | < 3.0.3-0ubuntu1~18.04.2+esm1 | bionic | ||
Affected | pkg:deb/ubuntu/lxd-client?distro=xenial | ubuntu | lxd-client | < 2.0.11-0ubuntu1~16.04.4+esm1 | xenial | ||
Affected | pkg:deb/ubuntu/lxd-client?distro=bionic | ubuntu | lxd-client | < 3.0.3-0ubuntu1~18.04.2+esm1 | bionic | ||
Affected | pkg:deb/ubuntu/lxc2?distro=xenial | ubuntu | lxc2 | < 2.0.11-0ubuntu1~16.04.4+esm1 | xenial | ||
Affected | pkg:deb/ubuntu/golang-github-lxc-lxd-dev?distro=xenial | ubuntu | golang-github-lxc-lxd-dev | < 2.0.11-0ubuntu1~16.04.4+esm1 | xenial | ||