Ubuntu alert USN-7956-1 (google-guest-agent)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7956-1] Google Guest Agent vulnerability
Date:
             
 
Tue, 13 Jan 2026 11:07:32 +0000
Message-ID:
             
 
<E1vfcFI-0004ED-D1@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7956-1
January 13, 2026

google-guest-agent vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Google Guest Agent could be made to crash if it received specially
crafted network traffic.

Software Description:
- google-guest-agent: Google Compute Engine Guest Agent

Details:

Jakub Ciolek discovered that the Go Cryptography module included in
Google Guest Agent did not validate GSSAPI authentication requests during
SSH operations. An attacker could possibly use this issue to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  google-guest-agent              20250506.01-0ubuntu1.1

Ubuntu 25.04
  google-guest-agent              20250116.00-0ubuntu2.2

Ubuntu 24.04 LTS
  google-guest-agent              20250116.00-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
  google-guest-agent              20250116.00-0ubuntu1~22.04.2

Ubuntu 20.04 LTS
  google-guest-agent              20250116.00-0ubuntu1~20.04.0+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  google-guest-agent              20241011.01-0ubuntu1~18.04.0+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  google-guest-agent              20240716.00-0ubuntu1~16.04.0+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7956-1
  CVE-2025-58181

Package Information:
  https://launchpad.net/ubuntu/+source/google-guest-agent/2...
  https://launchpad.net/ubuntu/+source/google-guest-agent/2...
  https://launchpad.net/ubuntu/+source/google-guest-agent/2...
  https://launchpad.net/ubuntu/+source/google-guest-agent/2...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlmJ1AACgkQcpJm3tlz
hgH2bg/9G8OtHKr1ktUAUp+alkd/WizHA1h/ExPh6dBZo3cg0IiaJwEK3PbIDWDT
6UMdCAEzz/ifxfZ70XPKhIMEtCfA5O3JfC5YoLofEGZxUTbxmAVecChow8UrBhjY
hS8Yof47mbxpTXih1+EmHM3HvBEodtpGJXvVy2rL+4ekesfBkSd4CEBhlHO5oNnc
OfPR+vNR3qeiUdaE9jjCUdVSdpnPtFtE05AtDyGi5SHnDwZ0PIdKnjxRW+/9acpd
BlDmu90ZdPx3f3KHHPmKXimK3cBzOZQ0UuZEH7djoNebtRzA1YA/0gDZqEYVR5Nn
xu/VkKMgu3yJKuQ0azjBqdjztOre0+2aA3lAM0mOm8eFsXAfJvG6rPTReyXTR3Bx
Jm3zrRsiWJ1AqoKiTSCWHlrO7xILfxn9/xALtHTlaoL2f9RFfcD2n2PqgJTQ7qlE
JybAZPof6tDC9zGx/6j8OWyavYRylTya9Y6OrmzoLLW4KdOfPF2EM9MXA1GhUcFe
uLqGMQJ6vZFn4bySNuuX4F54C078t/7dGHTfqdPen10nKCPctWA3dBTczPfauJ85
+Pc0TQy0kDEUTCZsVfbZCk9MQhJgduCMNblxMamWt0VTrnQgP/Bt7BFNsPVVAHBi
/x27VysmudjrKato8AI6l73s++hvQAZUAYEzE3jTj5fPTaVDD2E=
=BCat
-----END PGP SIGNATURE-----