[USN-6738-1] LXD vulnerability

Severity Medium
Affected Packages 8
CVEs 1

LXD could be made to bypass integrity checks if it received specially crafted input.

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.

Package Affected Version
pkg:deb/ubuntu/lxd?distro=xenial < 2.0.11-0ubuntu1~16.04.4+esm1
pkg:deb/ubuntu/lxd?distro=bionic < 3.0.3-0ubuntu1~18.04.2+esm1
pkg:deb/ubuntu/lxd-tools?distro=xenial < 2.0.11-0ubuntu1~16.04.4+esm1
pkg:deb/ubuntu/lxd-tools?distro=bionic < 3.0.3-0ubuntu1~18.04.2+esm1
pkg:deb/ubuntu/lxd-client?distro=xenial < 2.0.11-0ubuntu1~16.04.4+esm1
pkg:deb/ubuntu/lxd-client?distro=bionic < 3.0.3-0ubuntu1~18.04.2+esm1
pkg:deb/ubuntu/lxc2?distro=xenial < 2.0.11-0ubuntu1~16.04.4+esm1
pkg:deb/ubuntu/golang-github-lxc-lxd-dev?distro=xenial < 2.0.11-0ubuntu1~16.04.4+esm1
ID: USN-6738-1
Severity: medium
Severity from: CVE-2023-48795
URL: https://ubuntu.com/security/notices/USN-6738-1
Published: 2024-04-22T09:47:43
Modified: 2024-04-22T09:47:43
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/lxd?distro=xenial ubuntu lxd < 2.0.11-0ubuntu1~16.04.4+esm1 xenial
Affected pkg:deb/ubuntu/lxd?distro=bionic ubuntu lxd < 3.0.3-0ubuntu1~18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/lxd-tools?distro=xenial ubuntu lxd-tools < 2.0.11-0ubuntu1~16.04.4+esm1 xenial
Affected pkg:deb/ubuntu/lxd-tools?distro=bionic ubuntu lxd-tools < 3.0.3-0ubuntu1~18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/lxd-client?distro=xenial ubuntu lxd-client < 2.0.11-0ubuntu1~16.04.4+esm1 xenial
Affected pkg:deb/ubuntu/lxd-client?distro=bionic ubuntu lxd-client < 3.0.3-0ubuntu1~18.04.2+esm1 bionic
Affected pkg:deb/ubuntu/lxc2?distro=xenial ubuntu lxc2 < 2.0.11-0ubuntu1~16.04.4+esm1 xenial
Affected pkg:deb/ubuntu/golang-github-lxc-lxd-dev?distro=xenial ubuntu golang-github-lxc-lxd-dev < 2.0.11-0ubuntu1~16.04.4+esm1 xenial