
Ubuntu has issued two security notices, USN-7839-1 and USN-7838-1, affecting various Ubuntu releases. The first notice addresses a vulnerability in Go Cryptography (CVE-2024-45337) that could allow an attacker to bypass authorization mechanisms during SSH operations. The second notice affects the fetchmail package (CVE-2025-61962) and may cause it to crash if it receives specially crafted network traffic from a malicious server.

[USN-7839-1] Go Cryptography vulnerability
[USN-7838-1] fetchmail vulnerability




[USN-7839-1] Go Cryptography vulnerability


==========================================================================
Ubuntu Security Notice USN-7839-1
October 23, 2025

golang-go.crypto vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Go Cryptography could allow unintended access to network services.

Software Description:
- golang-go.crypto: Supplementary Go cryptography libraries

Details:

Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier
discovered that Go Cryptography incorrectly handled public keys during SSH
operations. An attacker could possibly use this issue to bypass
authorization mechanisms.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
golang-golang-x-crypto-dev 1:0.19.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
golang-golang-x-crypto-dev 1:0.0~git20211202.5770296-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
golang-golang-x-crypto-dev 1:0.0~git20200221.2aa609c-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
golang-go.crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1
Available with Ubuntu Pro
golang-golang-x-crypto-dev 1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
golang-go.crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1
Available with Ubuntu Pro
golang-golang-x-crypto-dev 1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7839-1
CVE-2024-45337



[USN-7838-1] fetchmail vulnerability


==========================================================================
Ubuntu Security Notice USN-7838-1
October 23, 2025

fetchmail vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

fetchmail could be made to crash if it received specially crafted network
traffic.

Software Description:
- fetchmail: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder

Details:

It was discovered that the fetchmail SMTP client incorrectly handled
certain status code messages. An attacker controlling a malicious server
could possibly use this issue to cause fetchmail to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
fetchmail 6.4.39-1ubuntu0.1

Ubuntu 24.04 LTS
fetchmail 6.4.38-1ubuntu4.1

Ubuntu 22.04 LTS
fetchmail 6.4.27-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7838-1
CVE-2025-61962

Package Information:
https://launchpad.net/ubuntu/+source/fetchmail/6.4.39-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fetchmail/6.4.38-1ubuntu4.1
https://launchpad.net/ubuntu/+source/fetchmail/6.4.27-1ubuntu0.1