Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | lxd | < 3.0.3-0ubuntu1~18.04.2+esm1 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-client | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-client-dbgsym | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-dbgsym | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-tools | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-tools-dbgsym | < 3.0.3-0ubuntu1~18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-client | < 3.0.3-0ubuntu1~18.04.2+esm1 | UNKNOWN |
Ubuntu | 18.04 | noarch | lxd-tools | < 3.0.3-0ubuntu1~18.04.2+esm1 | UNKNOWN |
Ubuntu | 16.04 | noarch | golang-github-lxc-lxd-dev | < 2.0.11-0ubuntu1~16.04.4+esm1 | UNKNOWN |