USN-7839-2

USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent.

Original advisory details:

Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms.

References

Affected packages

Ubuntu:22.04:LTS

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250116.00-0ubuntu1~22.04.1

Affected versions

20210629.*

20210629.00-0ubuntu1

20210629.00-0ubuntu2

20220104.*

20220104.00-0ubuntu1

20220104.00-0ubuntu2

20220622.*

20220622.00-0ubuntu2~22.04.0

20220622.00-0ubuntu2~22.04.1

20230426.*

20230426.00-0ubuntu2~22.04.0

20231004.*

20231004.02-0ubuntu1~22.04.1

20231004.02-0ubuntu1~22.04.2

20231004.02-0ubuntu1~22.04.3

20231004.02-0ubuntu1~22.04.4

20231004.02-0ubuntu1~22.04.5

20240716.*

20240716.00-0ubuntu1~22.04.0

20241011.*

20241011.01-0ubuntu1~22.04.0

20250116.*

20250116.00-0ubuntu1~22.04.0

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20250116.00-0ubuntu1~22.04.1"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:22.04:LTS",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:24.04:LTS

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~24.04.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250116.00-0ubuntu1~24.04.2

Affected versions

20230426.*

20230426.00-0ubuntu3

20231004.*

20231004.02-0ubuntu1

20231004.02-0ubuntu3

20240213.*

20240213.00-0ubuntu1

20240213.00-0ubuntu2

20240213.00-0ubuntu3

20240213.00-0ubuntu3.1

20240213.00-0ubuntu3.2

20240716.*

20240716.00-0ubuntu1~24.04.0

20240716.00-0ubuntu1~24.04.1

20241011.*

20241011.01-0ubuntu1~24.04.0

20250116.*

20250116.00-0ubuntu1~24.04.0

20250116.00-0ubuntu1~24.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20250116.00-0ubuntu1~24.04.2"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:24.04:LTS",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:25.04

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu2.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250116.00-0ubuntu2.1

Affected versions

20240716.*

20240716.00-0ubuntu2

20241011.*

20241011.01-0ubuntu1

20250116.*

20250116.00-0ubuntu1

20250116.00-0ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20250116.00-0ubuntu2.1"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:25.04",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:16.04:LTS

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20240716.00-0ubuntu1~16.04.0+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20240716.00-0ubuntu1~16.04.0+esm1

Affected versions

20201217.*

20201217.02-0ubuntu1~16.04.0

20230426.*

20230426.00-0ubuntu2~16.04.3

20231004.*

20231004.02-0ubuntu1~16.04.1

20231004.02-0ubuntu1~16.04.2

20240716.*

20240716.00-0ubuntu1~16.04.0

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20240716.00-0ubuntu1~16.04.0+esm1"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:16.04:LTS",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:18.04:LTS

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20241011.01-0ubuntu1~18.04.0+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20241011.01-0ubuntu1~18.04.0+esm1

Affected versions

20201217.*

20201217.02-0ubuntu1~18.04.0

20210414.*

20210414.00-0ubuntu1~18.04.0

20210629.*

20210629.00-0ubuntu1~18.04.1

20220622.*

20220622.00-0ubuntu2~18.04.0

20220622.00-0ubuntu2~18.04.1

20230426.*

20230426.00-0ubuntu2~18.04.0

20231004.*

20231004.02-0ubuntu1~18.04.2

20231004.02-0ubuntu1~18.04.3

20240716.*

20240716.00-0ubuntu1~18.04.0

20241011.*

20241011.01-0ubuntu1~18.04.0

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20241011.01-0ubuntu1~18.04.0+esm1"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:18.04:LTS",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}

Ubuntu:Pro:20.04:LTS

google-guest-agent

Package

Name: google-guest-agent
Purl: pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~20.04.0+esm1?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250116.00-0ubuntu1~20.04.0+esm1

Affected versions

20201217.*

20201217.02-0ubuntu1~20.04.0

20210414.*

20210414.00-0ubuntu1~20.04.0

20210629.*

20210629.00-0ubuntu1~20.04.0

20220622.*

20220622.00-0ubuntu2~20.04.0

20220622.00-0ubuntu2~20.04.2

20230426.*

20230426.00-0ubuntu2~20.04.0

20231004.*

20231004.02-0ubuntu1~20.04.1

20231004.02-0ubuntu1~20.04.2

20231004.02-0ubuntu1~20.04.3

20231004.02-0ubuntu1~20.04.4

20240716.*

20240716.00-0ubuntu1~20.04.0

20241011.*

20241011.01-0ubuntu1~20.04.1

20250116.*

20250116.00-0ubuntu1~20.04.0

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "google-guest-agent",
            "binary_version": "20250116.00-0ubuntu1~20.04.0+esm1"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:20.04:LTS",
    "cves": [
        {
            "id": "CVE-2024-45337",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}