==========================================================================
Ubuntu Security Notice USN-7839-1
October 23, 2025
golang-go.crypto vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Go Cryptography could allow unintended access to network services.
Software Description:
- golang-go.crypto: Supplementary Go cryptography libraries
Details:
Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier
discovered that Go Cryptography incorrectly handled public keys during SSH
operations. An attacker could possibly use this issue to bypass
authorization mechanisms.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
golang-golang-x-crypto-dev 1:0.19.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
golang-golang-x-crypto-dev 1:0.0~git20211202.5770296-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
golang-golang-x-crypto-dev 1:0.0~git20200221.2aa609c-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
golang-go.crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1
Available with Ubuntu Pro
golang-golang-x-crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
golang-go.crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1
Available with Ubuntu Pro
golang-golang-x-crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7839-1
CVE-2024-45337
No comments:
Post a Comment