CVE-2025-32728

Publication date 11 April 2025

Last updated 11 April 2025

Ubuntu priority

Medium

Why this priority?

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Read the notes from the security team

Status

Package Ubuntu Release Status
openssh 24.10 oracular
Vulnerable
24.04 LTS noble
Vulnerable
22.04 LTS jammy FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
20.04 LTS focal FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Not affected
14.04 LTS trusty
Not affected
openssh-ssh1 24.10 oracular Ignored
24.04 LTS noble Ignored
22.04 LTS jammy Ignored
20.04 LTS focal Ignored
18.04 LTS bionic
Needs evaluation

Notes

mdeslaur

openssh-ssh1 is only provided for compatibility with old devices that cannot be upgraded to modern protocols. We will not be providing any security support for the openssh-ssh1 package as it is insecure and should be used in trusted environments only. The DisableForwarding option was introduced in 7.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openssh