Not a user yet?
Log in Register for free Suggest a product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

USN-7108-2: AsyncSSH vulnerabilities

Ubuntu ServerUbuntu Server
Canonical
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

USN-7108-2: AsyncSSH vulnerabilities
12 December 2024

Several issues were fixed in AsyncSSH.

Releases
Ubuntu 18.04 ESM

Packages
python-asyncssh - asyncio-based client and server implementation of SSHv2 protocol

Details
USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the
corresponding update for Ubuntu 18.04 LTS.

Original advisory details:
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the extension info message. An attacker able to
intercept communications could possibly use this issue to downgrade
the algorithm used for client authentication. (CVE-2023-46445)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the user authentication request message. An
attacker could possibly use this issue to control the remote end of an SSH
client session via packet injection/removal and shell emulation.
(CVE-2023-46446)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

  • python3-asyncssh - 1.11.1-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

Version: 24.04 LTS Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Canonical Ubuntu Server updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad