NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42010
• https://access.redhat.com/security/cve/CVE-2026-42010
• https://bugzilla.redhat.com/show_bug.cgi?id=2467289
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-33845
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/security/cve/CVE-2026-33845
• https://bugzilla.redhat.com/show_bug.cgi?id=2450624
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5260
• https://access.redhat.com/security/cve/CVE-2026-5260
• https://bugzilla.redhat.com/show_bug.cgi?id=2467450
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42013
• https://access.redhat.com/security/cve/CVE-2026-42013
• https://bugzilla.redhat.com/show_bug.cgi?id=2467448
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Remediation

Upgrade Ubuntu:24.04 expat to version 2.6.1-2ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-25210
• https://github.com/libexpat/libexpat/pull/1075
• https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7
• https://cert-portal.siemens.com/productcert/html/ssa-253495.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:24.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:21885

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-33846
• https://access.redhat.com/security/cve/CVE-2026-33846
• https://bugzilla.redhat.com/show_bug.cgi?id=2450625
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42009
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20612
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/security/cve/CVE-2026-42009
• https://bugzilla.redhat.com/show_bug.cgi?id=2467279

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13836
• https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628
• https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
• https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155
• https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5
• https://github.com/python/cpython/issues/119451
• https://github.com/python/cpython/pull/119454
• https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/
• https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0
• https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42011
• https://access.redhat.com/security/cve/CVE-2026-42011
• https://bugzilla.redhat.com/show_bug.cgi?id=2467437
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-3833
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/security/cve/CVE-2026-3833
• https://bugzilla.redhat.com/show_bug.cgi?id=2445763
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612
• https://gitlab.com/gnutls/gnutls/-/issues/1803

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42012
• https://access.redhat.com/security/cve/CVE-2026-42012
• https://bugzilla.redhat.com/show_bug.cgi?id=2467441
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Remediation

Upgrade Ubuntu:24.04 libcap2 to version 1:2.66-5ubuntu2.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4878
• https://access.redhat.com/errata/RHSA-2026:7473
• https://access.redhat.com/security/cve/CVE-2026-4878
• https://bugzilla.redhat.com/show_bug.cgi?id=2447554
• https://bugzilla.redhat.com/show_bug.cgi?id=2451615
• http://www.openwall.com/lists/oss-security/2026/04/07/14
• http://www.openwall.com/lists/oss-security/2026/04/07/4
• http://www.openwall.com/lists/oss-security/2026/04/08/9
• http://www.openwall.com/lists/oss-security/2026/04/09/5
• http://www.openwall.com/lists/oss-security/2026/04/09/6
• https://access.redhat.com/errata/RHSA-2026:12423
• https://access.redhat.com/errata/RHSA-2026:12441
• https://access.redhat.com/errata/RHSA-2026:13285
• https://access.redhat.com/errata/RHSA-2026:14162
• https://access.redhat.com/errata/RHSA-2026:14937
• https://access.redhat.com/errata/RHSA-2026:19130
• https://access.redhat.com/errata/RHSA-2026:19346
• https://access.redhat.com/errata/RHSA-2026:19456
• https://access.redhat.com/errata/RHSA-2026:19458
• https://access.redhat.com/errata/RHSA-2026:20595
• https://access.redhat.com/errata/RHSA-2026:21275
• https://access.redhat.com/errata/RHSA-2026:21254
• https://access.redhat.com/errata/RHSA-2026:22634
• https://access.redhat.com/errata/RHSA-2026:22957
• https://access.redhat.com/errata/RHSA-2026:24346
• https://access.redhat.com/errata/RHSA-2026:23245
• https://access.redhat.com/errata/RHSA-2026:25096
• https://access.redhat.com/errata/RHSA-2026:23233

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in GnuTLS. The gnutls_pkcs11_token_set_pin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42014
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20612
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/security/cve/CVE-2026-42014
• https://bugzilla.redhat.com/show_bug.cgi?id=2467451
• https://gitlab.com/gnutls/gnutls/-/issues/1766
• https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Remediation

There is no fixed version for Ubuntu:24.04 expat.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-66382
• https://github.com/libexpat/libexpat/issues/1076
• http://www.openwall.com/lists/oss-security/2025/12/02/1
• https://cert-portal.siemens.com/productcert/html/ssa-082556.html
• https://cert-portal.siemens.com/productcert/html/ssa-253495.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13837
• https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b
• https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
• https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
• https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
• https://github.com/python/cpython/issues/119342
• https://github.com/python/cpython/pull/119343
• https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/
• https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036
• https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Remediation

There is no fixed version for Ubuntu:24.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5704
• https://access.redhat.com/security/cve/CVE-2026-5704
• https://bugzilla.redhat.com/show_bug.cgi?id=2455360
• http://www.openwall.com/lists/oss-security/2026/04/11/10
• http://www.openwall.com/lists/oss-security/2026/04/11/11
• http://www.openwall.com/lists/oss-security/2026/04/12/2

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-14831
• https://access.redhat.com/security/cve/CVE-2025-14831
• https://bugzilla.redhat.com/show_bug.cgi?id=2423177
• https://access.redhat.com/errata/RHSA-2026:3477
• https://access.redhat.com/errata/RHSA-2026:4188
• https://gitlab.com/gnutls/gnutls/-/issues/1773
• https://access.redhat.com/errata/RHSA-2026:4655
• https://access.redhat.com/errata/RHSA-2026:4943
• https://access.redhat.com/errata/RHSA-2026:5585
• https://access.redhat.com/errata/RHSA-2026:5606
• https://access.redhat.com/errata/RHSA-2026:6630
• https://access.redhat.com/errata/RHSA-2026:6618
• https://access.redhat.com/errata/RHSA-2026:6737
• https://access.redhat.com/errata/RHSA-2026:6738
• https://access.redhat.com/errata/RHSA-2026:7329
• https://access.redhat.com/errata/RHSA-2026:7335
• https://access.redhat.com/errata/RHSA-2026:8747
• https://access.redhat.com/errata/RHSA-2026:8746
• https://access.redhat.com/errata/RHSA-2026:8748
• https://access.redhat.com/errata/RHSA-2026:7477
• https://access.redhat.com/errata/RHSA-2026:13812
• https://access.redhat.com/errata/RHSA-2026:16174
• https://cert-portal.siemens.com/productcert/html/ssa-032379.html
• https://access.redhat.com/errata/RHSA-2026:16008
• https://access.redhat.com/errata/RHSA-2026:16009
• https://access.redhat.com/errata/RHSA-2026:25096

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-42015
• https://access.redhat.com/security/cve/CVE-2026-42015
• https://bugzilla.redhat.com/show_bug.cgi?id=2467678
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-12084
• https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0
• https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
• https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964
• https://github.com/python/cpython/issues/142145
• https://github.com/python/cpython/pull/142146
• https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437
• https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907
• https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d
• https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8
• https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af
• https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273
• https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53
• https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8
• https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:24.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
• https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
• https://news.ycombinator.com/item?id=46404339
• https://gpg.fail/formfeed

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-3832
• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/security/cve/CVE-2026-3832
• https://bugzilla.redhat.com/show_bug.cgi?id=2445762
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:20612
• https://gitlab.com/gnutls/gnutls/-/issues/1801

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5419
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/security/cve/CVE-2026-5419
• https://bugzilla.redhat.com/show_bug.cgi?id=2467686
• https://access.redhat.com/errata/RHSA-2026:20612

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Remediation

There is no fixed version for Ubuntu:24.04 python3.12.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13462
• https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab
• https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114
• https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017
• https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406
• https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7
• https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084
• https://github.com/python/cpython/issues/141707
• https://github.com/python/cpython/pull/143934
• https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Remediation

Upgrade Ubuntu:24.04 expat to version 2.6.1-2ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-24515
• https://github.com/libexpat/libexpat/pull/1131
• https://cert-portal.siemens.com/productcert/html/ssa-253495.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream dpkg package and not the dpkg package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

Remediation

Upgrade Ubuntu:24.04 dpkg to version 1.22.6ubuntu6.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-2219
• https://bugs.debian.org/1129722
• https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Remediation

Upgrade Ubuntu:24.04 glibc to version 2.39-0ubuntu8.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281
• https://sourceware.org/bugzilla/show_bug.cgi?id=33814
• http://www.openwall.com/lists/oss-security/2026/01/20/3

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.

Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Remediation

Upgrade Ubuntu:24.04 glibc to version 2.39-0ubuntu8.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861
• https://sourceware.org/bugzilla/show_bug.cgi?id=33796
• https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001
• http://www.openwall.com/lists/oss-security/2026/01/16/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Remediation

Upgrade Ubuntu:24.04 glibc to version 2.39-0ubuntu8.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915
• http://www.openwall.com/lists/oss-security/2026/01/16/6
• https://sourceware.org/bugzilla/show_bug.cgi?id=33802

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.

This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4046
• https://sourceware.org/bugzilla/show_bug.cgi?id=33980
• https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD
• https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4437
• https://sourceware.org/bugzilla/show_bug.cgi?id=34014

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-4438
• https://sourceware.org/bugzilla/show_bug.cgi?id=34015

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5435
• https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u
• https://sourceware.org/bugzilla/show_bug.cgi?id=34033

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.

These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-6238
• https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u
• https://sourceware.org/bugzilla/show_bug.cgi?id=34069

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Remediation

Upgrade Ubuntu:24.04 libgcrypt20 to version 1.10.3-2ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-41989
• https://dev.gnupg.org/T8211
• https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html
• https://www.openwall.com/lists/oss-security/2026/04/21/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtasn1-6 package and not the libtasn1-6 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Remediation

Upgrade Ubuntu:24.04 libtasn1-6 to version 4.19.0-3ubuntu0.24.04.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13151
• https://gitlab.com/gnutls/libtasn1
• https://gitlab.com/gnutls/libtasn1/-/merge_requests/121
• http://www.openwall.com/lists/oss-security/2026/01/08/5
• https://www.kb.cert.org/vuls/id/271649

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Ubuntu:24.04 openssl to version 3.0.13-0ubuntu3.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15467
• https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
• https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
• https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
• https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
• https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
• https://openssl-library.org/news/secadv/20260127.txt
• http://www.openwall.com/lists/oss-security/2026/01/27/10
• http://www.openwall.com/lists/oss-security/2026/02/25/6
• https://github.com/guiimoraes/CVE-2025-15467
• https://cert-portal.siemens.com/productcert/html/ssa-434797.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer.

Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker.

RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced.

If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext.

As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Remediation

Upgrade Ubuntu:24.04 openssl to version 3.0.13-0ubuntu3.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-31790
• https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac
• https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482
• https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406
• https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790
• https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e
• https://openssl-library.org/news/secadv/20260407.txt
• https://cert-portal.siemens.com/productcert/html/ssa-032379.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises.

Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message.

In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message.

An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success.

If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key equivalent functionality for the CEK used for the chosen recipient of the message.

In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to be a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content.

The FIPS modules are not affected by this issue.

Remediation

Upgrade Ubuntu:24.04 openssl to version 3.0.13-0ubuntu3.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-34182
• https://github.com/openssl/security/commit/03c1f4d45fb963aee7d5833390c507cd290182bc
• https://github.com/openssl/security/commit/439ed7d2c0962ce964482727264668bf277c333f
• https://github.com/openssl/security/commit/7947e6a81eb8776802f159fb6762cb7fcf7e34c7
• https://github.com/openssl/security/commit/9fd97f8cfdc2c0be214998de3b2b55c8edf6c7ac
• https://github.com/openssl/security/commit/d2ca86bcd43e4f17d899f347101766b6107676e0
• https://github.com/openssl/openssl/commit/03c1f4d45fb963aee7d5833390c507cd290182bc
• https://github.com/openssl/openssl/commit/439ed7d2c0962ce964482727264668bf277c333f
• https://github.com/openssl/openssl/commit/7947e6a81eb8776802f159fb6762cb7fcf7e34c7
• https://github.com/openssl/openssl/commit/9fd97f8cfdc2c0be214998de3b2b55c8edf6c7ac
• https://github.com/openssl/openssl/commit/d2ca86bcd43e4f17d899f347101766b6107676e0
• https://openssl-library.org/news/secadv/20260609.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded.

Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message.

OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV.

If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair.

The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary.

Remediation

Upgrade Ubuntu:24.04 openssl to version 3.0.13-0ubuntu3.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-45445
• https://github.com/openssl/security/commit/323f0b6e7d530a4cb4336d50c88cb70f3ac2a451
• https://github.com/openssl/security/commit/787a6dfba81b7b09c1e05ab31396c0cd7c36b3f7
• https://github.com/openssl/security/commit/7ac4715234ee72d9f3c93426a2c08554b5b771af
• https://github.com/openssl/security/commit/843c9b94ca9c2ed248bb30127bb4f3d7af0d607c
• https://github.com/openssl/security/commit/983d54b5cce8d16147548ed1a37892d1720bbab6
• https://github.com/openssl/openssl/commit/323f0b6e7d530a4cb4336d50c88cb70f3ac2a451
• https://github.com/openssl/openssl/commit/787a6dfba81b7b09c1e05ab31396c0cd7c36b3f7
• https://github.com/openssl/openssl/commit/7ac4715234ee72d9f3c93426a2c08554b5b771af
• https://github.com/openssl/openssl/commit/843c9b94ca9c2ed248bb30127bb4f3d7af0d607c
• https://github.com/openssl/openssl/commit/983d54b5cce8d16147548ed1a37892d1720bbab6
• https://openssl-library.org/news/secadv/20260609.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11468
• https://github.com/python/cpython/issues/143935
• https://github.com/python/cpython/pull/143936
• https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/
• https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
• https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6
• https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0
• https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796
• https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66
• https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15282
• https://github.com/python/cpython/issues/143925
• https://github.com/python/cpython/pull/143926
• https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/
• https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f
• https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0
• https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38
• https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80
• https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47
• https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0672
• https://github.com/python/cpython/issues/143919
• https://github.com/python/cpython/pull/143920
• https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
• https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70
• https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440
• https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172
• https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d
• https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca
• https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Remediation

Upgrade Ubuntu:24.04 python3.12 to version 3.12.3-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0865
• https://github.com/python/cpython/issues/143916
• https://github.com/python/cpython/pull/143917
• https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/
• https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58
• https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510
• https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2
• https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5
• https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995
• https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211
• https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6
• https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff
• https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf
• https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f
• https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97
• https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.12 package and not the python3.12 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Remediation

There is no fixed version for Ubuntu:24.04 python3.12.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-2297
• https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e
• https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e
• https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86
• https://github.com/python/cpython/issues/145506
• https://github.com/python/cpython/pull/145507
• http://www.openwall.com/lists/oss-security/2026/03/05/6
• https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9
• https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd

NVD Description

Note: Versions mentioned in the description apply only to the upstream sed package and not the sed package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path:

1. resolves symlink to its target and stores the resolved path for determining when output is written,
2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process.

This issue was fixed in version 4.10.

Remediation

Upgrade Ubuntu:24.04 sed to version 4.9-2ubuntu0.24.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-5958
• https://cert.pl/en/posts/2026/04/CVE-2026-5958
• https://www.gnu.org/software/sed/
• http://www.openwall.com/lists/oss-security/2026/05/13/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Remediation

Upgrade Ubuntu:24.04 systemd to version 255.4-1ubuntu8.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-29111
• https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a
• https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6
• https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412
• https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd
• https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f
• https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f
• https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69
• https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6
• https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c
• https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8
• https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Remediation

Upgrade Ubuntu:24.04 systemd to version 255.4-1ubuntu8.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-40225
• https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Remediation

Upgrade Ubuntu:24.04 systemd to version 255.4-1ubuntu8.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-40226
• https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:24.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
• https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
• https://www.gnu.org/software/tar/
• https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
• https://www.gnu.org/software/tar/manual/html_node/Integrity.html
• https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
• http://www.openwall.com/lists/oss-security/2025/11/01/6

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.

Remediation

There is no fixed version for Ubuntu:24.04 util-linux.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-27456
• https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4
• https://github.com/util-linux/util-linux/releases/tag/v2.41.4
• https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g