CVE-2021-43565

Published: 6 September 2022

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

Notes

Author	Note
jdstrand	snapd contains an embedded copy of golang-go.crypto lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto
mdeslaur	snapd and lxd only use the terminal sub-package, not the ssh part of golang-go.crypto, so they are not vulnerable

Author

Note

snapd contains an embedded copy of golang-go.crypto
lxd in 18.04 LTS and earlier contains an embedded copy of
golang-go.crypto

snapd and lxd only use the terminal sub-package, not the ssh
part of golang-go.crypto, so they are not vulnerable

7.5

Package	Release	Status
golang-go.crypto Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage
	Patches: upstream: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
lxd Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code-not-present)
	focal	Not vulnerable (code-not-present)
	hirsute	Not vulnerable (code-not-present)
	impish	Not vulnerable (code-not-present)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (code-not-present)
snapd Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code-not-present)
	focal	Not vulnerable (code-not-present)
	hirsute	Not vulnerable (code-not-present)
	impish	Not vulnerable (code-not-present)
	jammy	Not vulnerable (code-not-present)
	kinetic	Not vulnerable (code-not-present)
	lunar	Not vulnerable (code-not-present)
	mantic	Not vulnerable (code-not-present)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (code-not-present)

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.