First published: Mon Apr 22 2024(Updated: )
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/lxd | <3.0.3-0ubuntu1~18.04.2+esm1 | 3.0.3-0ubuntu1~18.04.2+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/lxd-client | <3.0.3-0ubuntu1~18.04.2+esm1 | 3.0.3-0ubuntu1~18.04.2+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/lxd-tools | <3.0.3-0ubuntu1~18.04.2+esm1 | 3.0.3-0ubuntu1~18.04.2+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/golang-github-lxc-lxd-dev | <2.0.11-0ubuntu1~16.04.4+esm1 | 2.0.11-0ubuntu1~16.04.4+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/lxc2 | <2.0.11-0ubuntu1~16.04.4+esm1 | 2.0.11-0ubuntu1~16.04.4+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/lxd | <2.0.11-0ubuntu1~16.04.4+esm1 | 2.0.11-0ubuntu1~16.04.4+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/lxd-client | <2.0.11-0ubuntu1~16.04.4+esm1 | 2.0.11-0ubuntu1~16.04.4+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/lxd-tools | <2.0.11-0ubuntu1~16.04.4+esm1 | 2.0.11-0ubuntu1~16.04.4+esm1 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.