- Vulnerability/
- USN-7108-2
USN-7108-2: AsyncSSH vulnerabilities
First published: Thu Dec 12 2024(Updated: )
USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. (CVE-2023-46445) Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation. (CVE-2023-46446)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-asyncssh | <1.11.1-1ubuntu0.1~esm2 | 1.11.1-1ubuntu0.1~esm2 |
| Ubuntu Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/usn
- source/Ubuntu
- anchor-related/USN-7108-1
- agent/software-canonical-lookup
- agent/severity
- agent/title
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04