USN-7839-2
- Source
- https://ubuntu.com/security/notices/USN-7839-2
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7839-2
- Upstream
- Related
- Published
- 2025-11-03T10:18:02.213974Z
- Modified
- 2025-11-05T01:17:45.250890Z
- Summary
- google-guest-agent vulnerability
- Details
-
USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent.
Original advisory details:
Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms.
- References
Affected packages
Ubuntu:22.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20250116.00-0ubuntu1~22.04.1
Affected versions
20210629.*
20210629.00-0ubuntu1
20210629.00-0ubuntu2
20220104.*
20220104.00-0ubuntu1
20220104.00-0ubuntu2
20220622.*
20220622.00-0ubuntu2~22.04.0
20220622.00-0ubuntu2~22.04.1
20230426.*
20230426.00-0ubuntu2~22.04.0
20231004.*
20231004.02-0ubuntu1~22.04.1
20231004.02-0ubuntu1~22.04.2
20231004.02-0ubuntu1~22.04.3
20231004.02-0ubuntu1~22.04.4
20231004.02-0ubuntu1~22.04.5
20240716.*
20240716.00-0ubuntu1~22.04.0
20241011.*
20241011.01-0ubuntu1~22.04.0
20250116.*
20250116.00-0ubuntu1~22.04.0
Ecosystem specific
{
"binaries": [
{
"binary_version": "20250116.00-0ubuntu1~22.04.1",
"binary_name": "google-guest-agent"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~24.04.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20250116.00-0ubuntu1~24.04.2
Affected versions
20230426.*
20230426.00-0ubuntu3
20231004.*
20231004.02-0ubuntu1
20231004.02-0ubuntu3
20240213.*
20240213.00-0ubuntu1
20240213.00-0ubuntu2
20240213.00-0ubuntu3
20240213.00-0ubuntu3.1
20240213.00-0ubuntu3.2
20240716.*
20240716.00-0ubuntu1~24.04.0
20240716.00-0ubuntu1~24.04.1
20241011.*
20241011.01-0ubuntu1~24.04.0
20250116.*
20250116.00-0ubuntu1~24.04.0
20250116.00-0ubuntu1~24.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "20250116.00-0ubuntu1~24.04.2",
"binary_name": "google-guest-agent"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
Ubuntu:25.04
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu2.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20250116.00-0ubuntu2.1
Affected versions
20240716.*
20240716.00-0ubuntu2
20241011.*
20241011.01-0ubuntu1
20250116.*
20250116.00-0ubuntu1
20250116.00-0ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_version": "20250116.00-0ubuntu2.1",
"binary_name": "google-guest-agent"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:25.04"
}
Ubuntu:Pro:16.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20240716.00-0ubuntu1~16.04.0+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20240716.00-0ubuntu1~16.04.0+esm1
Affected versions
20201217.*
20201217.02-0ubuntu1~16.04.0
20230426.*
20230426.00-0ubuntu2~16.04.3
20231004.*
20231004.02-0ubuntu1~16.04.1
20231004.02-0ubuntu1~16.04.2
20240716.*
20240716.00-0ubuntu1~16.04.0
Ecosystem specific
{
"binaries": [
{
"binary_version": "20240716.00-0ubuntu1~16.04.0+esm1",
"binary_name": "google-guest-agent"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
Ubuntu:Pro:18.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20241011.01-0ubuntu1~18.04.0+esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20241011.01-0ubuntu1~18.04.0+esm1
Affected versions
20201217.*
20201217.02-0ubuntu1~18.04.0
20210414.*
20210414.00-0ubuntu1~18.04.0
20210629.*
20210629.00-0ubuntu1~18.04.1
20220622.*
20220622.00-0ubuntu2~18.04.0
20220622.00-0ubuntu2~18.04.1
20230426.*
20230426.00-0ubuntu2~18.04.0
20231004.*
20231004.02-0ubuntu1~18.04.2
20231004.02-0ubuntu1~18.04.3
20240716.*
20240716.00-0ubuntu1~18.04.0
20241011.*
20241011.01-0ubuntu1~18.04.0
Ecosystem specific
{
"binaries": [
{
"binary_version": "20241011.01-0ubuntu1~18.04.0+esm1",
"binary_name": "google-guest-agent"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:Pro:20.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~20.04.0+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20250116.00-0ubuntu1~20.04.0+esm1
Affected versions
20201217.*
20201217.02-0ubuntu1~20.04.0
20210414.*
20210414.00-0ubuntu1~20.04.0
20210629.*
20210629.00-0ubuntu1~20.04.0
20220622.*
20220622.00-0ubuntu2~20.04.0
20220622.00-0ubuntu2~20.04.2
20230426.*
20230426.00-0ubuntu2~20.04.0
20231004.*
20231004.02-0ubuntu1~20.04.1
20231004.02-0ubuntu1~20.04.2
20231004.02-0ubuntu1~20.04.3
20231004.02-0ubuntu1~20.04.4
20240716.*
20240716.00-0ubuntu1~20.04.0
20241011.*
20241011.01-0ubuntu1~20.04.1
20250116.*
20250116.00-0ubuntu1~20.04.0
Ecosystem specific
{
"binaries": [
{
"binary_version": "20250116.00-0ubuntu1~20.04.0+esm1",
"binary_name": "google-guest-agent"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7839-2.json"
cves_map
{
"cves": [
{
"id": "CVE-2024-45337",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}