==========================================================================
Ubuntu Security Notice USN-7292-1
February 25, 2025

Several security issues were fixed in Dropbear
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in dropbear.

Software Description:
- dropbear: lightweight SSH2 server and client

Details:

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  dropbear                        2020.81-5ubuntu0.1
  dropbear-bin                    2020.81-5ubuntu0.1

Ubuntu 20.04 LTS
  dropbear                        2019.78-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  dropbear-bin                    2019.78-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  dropbear                        2017.75-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  dropbear-bin                    2017.75-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7292-1
  CVE-2021-36369, CVE-2023-48795

Package Information:
  https://launchpad.net/ubuntu/+source/dropbear/2020.81-5ubuntu0.1