Ubuntu alert USN-7839-1 (golang-go.crypto)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7839-1] Go Cryptography vulnerability | |
| Date: | Thu, 23 Oct 2025 20:00:54 +0000 | |
| Message-ID: | <E1vC1UU-0000zT-FB@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7839-1 October 23, 2025 golang-go.crypto vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Go Cryptography could allow unintended access to network services. Software Description: - golang-go.crypto: Supplementary Go cryptography libraries Details: Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS golang-golang-x-crypto-dev 1:0.19.0-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS golang-golang-x-crypto-dev 1:0.0~git20211202.5770296-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS golang-golang-x-crypto-dev 1:0.0~git20200221.2aa609c-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS golang-go.crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1 Available with Ubuntu Pro golang-golang-x-crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS golang-go.crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1 Available with Ubuntu Pro golang-golang-x-crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7839-1 CVE-2024-45337
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmj6iSoACgkQcpJm3tlz hgFpmA//YOAyDwfTfqauEKXs51Md799tNe9AteAhBMP2NwsS9psNcY4t+vLy7w9r YSA4pPQrwYJ42QRrVXtug1czgcuNpnrSkSC/7bnTjNc4MZoehYzSscJo6RFv6Foq Ux/msrjuhsSNtgrOAV4ezc1qp3u2hzeqm0Db++aZXgXv50y3wIWUaXaVQ539BDFW Sh25PQ5jdZ0z1t2A12h51ZS4hhGCQA0CgwTQUWE7kAzzzgN5lkHFG2foomWp3lBe 6RuKhCGlpXKgV/H7euaJkT2kTKIgGLkAbGuA/U+exDJ73APKC5eSOuwQtJ4cmD1A DXK0eEa+OxvMOzevZlXKg5hQVhWGO8X6ScFZnUX50LTCi+RPSKL6rcC8i+fiGUCw hWDDoH/5Xm7mX4wFylBXgdxojZLEr8uJhJ5WGFyrwaddKk26mEE28jQkHKWsGcxO vASzKdr8MaqKHIjneK1T12gCQAf13j4ffk+yykEtSQAc6nKrDRk9PeAzHB2vyid3 XvwOy4ff+iZClnPGuEwThFb5LhkVWA9MWh+WXBEzR5eHbtPDj3TaGhcycyh4tDRV 19MJkfEubVw4PMPrIapEaArr+f2/anAK0gH5pfle3fovjjzvqH6thCWUcPCIL9gH +T/9EHiB0IH06qZZbviFNeybEfqRxjFC7V5pCDbSVUPW27viwzk= =FDWn -----END PGP SIGNATURE-----