CVE-2025-32728

Publication date 10 April 2025

Last updated 24 April 2025

Ubuntu priority

Medium

Why this priority?

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Read the notes from the security team

Status

Package Ubuntu Release Status
openssh 25.04 plucky
Fixed 1:9.9p1-3ubuntu3.1
24.10 oracular
Fixed 1:9.7p1-7ubuntu4.3
24.04 LTS noble
Fixed 1:9.6p1-3ubuntu13.11
22.04 LTS jammy
Fixed 1:8.9p1-3ubuntu0.13
20.04 LTS focal
Fixed 1:8.2p1-4ubuntu0.13
18.04 LTS bionic FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Vulnerable
16.04 LTS xenial FIPS Updates FIPS compliant package with security fixes. Available with Ubuntu Pro.
Not affected
14.04 LTS trusty
Not affected
openssh-ssh1 25.04 plucky Ignored
24.10 oracular Ignored
24.04 LTS noble Ignored
22.04 LTS jammy Ignored
20.04 LTS focal Ignored
18.04 LTS bionic
Needs evaluation

Notes

mdeslaur

openssh-ssh1 is only provided for compatibility with old devices that cannot be upgraded to modern protocols. We will not be providing any security support for the openssh-ssh1 package as it is insecure and should be used in trusted environments only. The DisableForwarding option was introduced in 7.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openssh