Ubuntu alert USN-8360-1 (sslh) [LWN.net]


From:
               noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-8360-1] sslh vulnerability
Date:
               Mon, 01 Jun 2026 18:25:52 +0000
Message-ID:
               <E1wU7Ki-00022G-7C@lists.ubuntu.com>
Cc:
               noreply+usn-bot@canonical.com
==========================================================================
Ubuntu Security Notice USN-8360-1
June 01, 2026

sslh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

sslh could be made to overwrite files.

Software Description:
- sslh: Applicative protocol multiplexer

Details:

It was discovered that sslh did not properly handle symbolic
links when writing its PID file. A local attacker could
possibly use this issue to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  sslh                            2.1.4-1ubuntu0.26.04.1

Ubuntu 25.10
  sslh                            2.1.4-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  sslh                            1.22c-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  sslh                            1.20-1+deb11u1build0.22.04.1

Ubuntu 20.04 LTS
  sslh                            1.20-1+deb11u1build0.20.04.1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  sslh                            1.18-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  sslh                            1.17-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart sslh to
make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8360-1
  CVE-2025-52936

Package Information:
  https://launchpad.net/ubuntu/+source/sslh/2.1.4-1ubuntu0....
  https://launchpad.net/ubuntu/+source/sslh/2.1.4-1ubuntu0....
  https://launchpad.net/ubuntu/+source/sslh/1.20-1+deb11u1b...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodzbIACgkQcpJm3tlz
hgFPaw//USy7NU1aYRpC5f9pImCekvNDGbnGIecSDrA9/oQJL9TovkMEOz7zsfs/
UGgSTpxdqAjHfu87USegBp7qFyR2V4ahKpxBKTD7ad1hPjfgjUNkk+0uC+Jhvs5C
k4qxOzvSvEY8AMz8ZiwFps1CSxY9/QK7h2w4DXC/l8MQKJN9z4VHSljd/0ppC+Md
vnT06+Gj4Lc6PZLoNyLF85L9FMpZJzZ4SEN0PS+SoIYKQ/TpWQc8RjS79oN4iz0J
umKFGCscPDEz16xj7vYYYw5Vohom0E6XAUurNkJvLqGpdAljWtlDc+VcHXXfDtyV
E4zPWLGL5AzI6GxviGwu+r5HtlLb7C+ROXtPEEuxUaK5UZnP/Zyoq+WMYsSAJ7nU
5AmiD9k7SLWg2x5/vhXuZJbzF9sJ+lKVoDW7JoGo7NaPCAi+NNdtrHMsRmEzDuV7
fW6EZ5pMIWS24c9Gz49TFtvryItqCWKZd8rlZQFydwCJmfj4ygWifIU20929RhE1
LVLMroaUNDRBJFi09/ctPA5hHG078r/QdLlaj3Lzd7e2cFysraWPzg/GY7RPcUMS
IMcy/We/E6MiC7fmp+l9e+J/Y8uPYrTj+RfCATS7TvW769QK4/z+pgFfkdRLRZNB
Rns37DGzBPM3K1nVbCW+szqq8USxsJlwpcEusuM1Vu5Jn1i+3/U=
=IYI0
-----END PGP SIGNATURE-----
From:		noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-8360-1] sslh vulnerability
Date:		Mon, 01 Jun 2026 18:25:52 +0000
Message-ID:		<E1wU7Ki-00022G-7C@lists.ubuntu.com>
Cc:		noreply+usn-bot@canonical.com