Your submission was sent successfully! Close

CVE-2021-43565

Published: 6 December 2021

[x/crypto/ssh: empty plaintext packet causes panic]

Priority

Medium

Status

Package Release Status
golang-go.crypto
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

lxd
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code-not-present)
focal Not vulnerable
(code-not-present)
hirsute Not vulnerable
(code-not-present)
impish Not vulnerable
(code-not-present)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code-not-present)
snapd
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code-not-present)
focal Not vulnerable
(code-not-present)
hirsute Not vulnerable
(code-not-present)
impish Not vulnerable
(code-not-present)
jammy Not vulnerable
(code-not-present)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code-not-present)

Notes

AuthorNote
jdstrand 
snapd contains an embedded copy of golang-go.crypto
lxd in 18.04 LTS and earlier contains an embedded copy of
golang-go.crypto
mdeslaur 
snapd and lxd only use the terminal sub-package, not the ssh
part of golang-go.crypto, so they are not vulnerable

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading