NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-14087
• https://access.redhat.com/security/cve/CVE-2025-14087
• https://bugzilla.redhat.com/show_bug.cgi?id=2419093

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-49794
• https://access.redhat.com/security/cve/CVE-2025-49794
• https://bugzilla.redhat.com/show_bug.cgi?id=2372373
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:15397
• https://access.redhat.com/errata/RHSA-2025:18218
• https://access.redhat.com/errata/RHSA-2025:18217
• https://access.redhat.com/errata/RHSA-2025:18240
• https://access.redhat.com/errata/RHSA-2025:19020
• https://access.redhat.com/errata/RHSA-2025:19046
• https://access.redhat.com/errata/RHSA-2025:19041
• https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
• https://access.redhat.com/errata/RHSA-2025:19894
• https://access.redhat.com/errata/RHSA-2025:21913
• https://access.redhat.com/errata/RHSA-2026:0934

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-49796
• https://access.redhat.com/security/cve/CVE-2025-49796
• https://bugzilla.redhat.com/show_bug.cgi?id=2372385
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:13267
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:15397
• https://access.redhat.com/errata/RHSA-2025:18218
• https://access.redhat.com/errata/RHSA-2025:18217
• https://access.redhat.com/errata/RHSA-2025:18240
• https://access.redhat.com/errata/RHSA-2025:19020
• https://access.redhat.com/errata/RHSA-2025:19046
• https://access.redhat.com/errata/RHSA-2025:19041
• https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
• https://access.redhat.com/errata/RHSA-2025:19894
• https://access.redhat.com/errata/RHSA-2025:21913
• https://access.redhat.com/errata/RHSA-2026:0934

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.

Remediation

There is no fixed version for Ubuntu:22.04 git.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005
• https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329
• https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5244
• https://sourceware.org/bugzilla/attachment.cgi?id=16010
• https://sourceware.org/bugzilla/show_bug.cgi?id=32858
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5
• https://vuldb.com/?ctiid.310346
• https://vuldb.com/?id.310346
• https://vuldb.com/?submit.584634
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5245
• https://sourceware.org/bugzilla/attachment.cgi?id=16004
• https://sourceware.org/bugzilla/show_bug.cgi?id=32829
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a
• https://vuldb.com/?ctiid.310347
• https://vuldb.com/?id.310347
• https://vuldb.com/?submit.584635
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-7545
• https://sourceware.org/bugzilla/attachment.cgi?id=16117
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944
• https://vuldb.com/?ctiid.316243
• https://vuldb.com/?id.316243
• https://vuldb.com/?submit.614355
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11083
• https://sourceware.org/bugzilla/attachment.cgi?id=16353
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490
• https://vuldb.com/?ctiid.326124
• https://vuldb.com/?id.326124
• https://vuldb.com/?submit.661277
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33457
• https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11082
• https://sourceware.org/bugzilla/attachment.cgi?id=16358
• https://sourceware.org/bugzilla/show_bug.cgi?id=33464
• https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8
• https://vuldb.com/?ctiid.326123
• https://vuldb.com/?id.326123
• https://vuldb.com/?submit.661276
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-7425
• https://access.redhat.com/security/cve/CVE-2025-7425
• https://bugzilla.redhat.com/show_bug.cgi?id=2379274
• https://access.redhat.com/errata/RHSA-2025:12447
• https://access.redhat.com/errata/RHSA-2025:12450
• https://access.redhat.com/errata/RHSA-2025:13267
• https://access.redhat.com/errata/RHSA-2025:13313
• https://access.redhat.com/errata/RHSA-2025:13314
• https://access.redhat.com/errata/RHSA-2025:13308
• https://access.redhat.com/errata/RHSA-2025:13309
• https://access.redhat.com/errata/RHSA-2025:13310
• https://access.redhat.com/errata/RHSA-2025:13311
• https://access.redhat.com/errata/RHSA-2025:13312
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:13464
• https://access.redhat.com/errata/RHSA-2025:13622
• https://access.redhat.com/errata/RHSA-2025:14059
• https://access.redhat.com/errata/RHSA-2025:14396
• https://access.redhat.com/errata/RHSA-2025:14819
• https://access.redhat.com/errata/RHSA-2025:14818
• https://access.redhat.com/errata/RHSA-2025:14853
• https://access.redhat.com/errata/RHSA-2025:14858
• https://access.redhat.com/errata/RHSA-2025:15308
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:15672
• https://access.redhat.com/errata/RHSA-2025:18219
• https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
• http://seclists.org/fulldisclosure/2025/Aug/0
• http://seclists.org/fulldisclosure/2025/Jul/30
• http://seclists.org/fulldisclosure/2025/Jul/32
• http://seclists.org/fulldisclosure/2025/Jul/35
• http://seclists.org/fulldisclosure/2025/Jul/37
• http://www.openwall.com/lists/oss-security/2025/07/11/2
• https://access.redhat.com/errata/RHSA-2025:21885
• https://access.redhat.com/errata/RHSA-2025:21913
• https://access.redhat.com/errata/RHSA-2026:0934
• https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:22.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:21885

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-9287
• https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7
• https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db
• https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8
• https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97
• https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b
• https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483
• https://github.com/python/cpython/issues/124651
• https://github.com/python/cpython/pull/124712
• https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
• https://security.netapp.com/advisory/ntap-20250425-0006/
• https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13601
• https://access.redhat.com/errata/RHSA-2026:0936
• https://access.redhat.com/errata/RHSA-2026:0975
• https://access.redhat.com/errata/RHSA-2026:0991
• https://access.redhat.com/errata/RHSA-2026:1323
• https://access.redhat.com/errata/RHSA-2026:1324
• https://access.redhat.com/errata/RHSA-2026:1326
• https://access.redhat.com/errata/RHSA-2026:1327
• https://access.redhat.com/errata/RHSA-2026:1465
• https://access.redhat.com/errata/RHSA-2026:1608
• https://access.redhat.com/errata/RHSA-2026:1624
• https://access.redhat.com/errata/RHSA-2026:1625
• https://access.redhat.com/errata/RHSA-2026:1626
• https://access.redhat.com/errata/RHSA-2026:1627
• https://access.redhat.com/errata/RHSA-2026:1652
• https://access.redhat.com/errata/RHSA-2026:1736
• https://access.redhat.com/security/cve/CVE-2025-13601
• https://bugzilla.redhat.com/show_bug.cgi?id=2416741
• https://gitlab.gnome.org/GNOME/glib/-/issues/3827
• https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
• https://access.redhat.com/errata/RHSA-2026:2485
• https://access.redhat.com/errata/RHSA-2026:2072
• https://access.redhat.com/errata/RHSA-2026:2563
• https://access.redhat.com/errata/RHSA-2026:2064

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6021
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:13267
• https://access.redhat.com/errata/RHSA-2025:13289
• https://access.redhat.com/errata/RHSA-2025:13325
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:13336
• https://access.redhat.com/errata/RHSA-2025:14059
• https://access.redhat.com/errata/RHSA-2025:14396
• https://access.redhat.com/errata/RHSA-2025:15308
• https://access.redhat.com/errata/RHSA-2025:15672
• https://access.redhat.com/security/cve/CVE-2025-6021
• https://bugzilla.redhat.com/show_bug.cgi?id=2372406
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
• https://access.redhat.com/errata/RHSA-2025:19020
• https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
• https://access.redhat.com/errata/RHSA-2025:11673

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-6232
• https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
• https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
• https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
• https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
• https://github.com/python/cpython/issues/121285
• https://github.com/python/cpython/pull/121286
• https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
• https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
• https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
• https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
• http://www.openwall.com/lists/oss-security/2024/09/03/5
• https://security.netapp.com/advisory/ntap-20241018-0007/
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-41105
• https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
• https://github.com/python/cpython/issues/106242
• https://github.com/python/cpython/pull/107981
• https://github.com/python/cpython/pull/107982
• https://github.com/python/cpython/pull/107983
• https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
• https://security.netapp.com/advisory/ntap-20231006-0015/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-14512
• https://access.redhat.com/security/cve/CVE-2025-14512
• https://bugzilla.redhat.com/show_bug.cgi?id=2421339

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Ubuntu:22.04 wget.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-31879
• https://security.netapp.com/advisory/ntap-20210618-0002/
• https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0990
• https://access.redhat.com/security/cve/CVE-2026-0990
• https://bugzilla.redhat.com/show_bug.cgi?id=2429959

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3198
• https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
• https://vuldb.com/?ctiid.303151
• https://vuldb.com/?id.303151
• https://vuldb.com/?submit.545773
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=32716

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11495
• https://sourceware.org/bugzilla/attachment.cgi?id=16393
• https://sourceware.org/bugzilla/show_bug.cgi?id=33502
• https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0
• https://vuldb.com/?ctiid.327620
• https://vuldb.com/?id.327620
• https://vuldb.com/?submit.668290
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11494
• https://sourceware.org/bugzilla/attachment.cgi?id=16389
• https://sourceware.org/bugzilla/show_bug.cgi?id=33499
• https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a
• https://vuldb.com/?ctiid.327619
• https://vuldb.com/?id.327619
• https://vuldb.com/?submit.668281
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11840
• https://sourceware.org/bugzilla/attachment.cgi?id=16351
• https://sourceware.org/bugzilla/attachment.cgi?id=16357
• https://sourceware.org/bugzilla/show_bug.cgi?id=33455
• https://vuldb.com/?ctiid.328775
• https://vuldb.com/?id.328775
• https://vuldb.com/?submit.661281
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11412
• https://sourceware.org/bugzilla/attachment.cgi?id=16378
• https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc
• https://vuldb.com/?ctiid.327348
• https://vuldb.com/?id.327348
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33452

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11414
• https://sourceware.org/bugzilla/attachment.cgi?id=16361
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703
• https://vuldb.com/?ctiid.327350
• https://vuldb.com/?id.327350
• https://vuldb.com/?submit.665591
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33450

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11413
• https://sourceware.org/bugzilla/attachment.cgi?id=16362
• https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0
• https://vuldb.com/?ctiid.327349
• https://vuldb.com/?id.327349
• https://vuldb.com/?submit.665587
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33452

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11839
• https://sourceware.org/bugzilla/attachment.cgi?id=16344
• https://vuldb.com/?ctiid.328774
• https://vuldb.com/?id.328774
• https://vuldb.com/?submit.661279
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33448

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Remediation

There is no fixed version for Ubuntu:22.04 expat.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-66382
• https://github.com/libexpat/libexpat/issues/1076
• http://www.openwall.com/lists/oss-security/2025/12/02/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9714
• https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
• https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-apt package and not the python-apt package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Remediation

Upgrade Ubuntu:22.04 python-apt to version 2.4.0ubuntu4.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6966
• https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865
• https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13837
• https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b
• https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
• https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
• https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
• https://github.com/python/cpython/issues/119342
• https://github.com/python/cpython/pull/119343
• https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6075
• https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c
• https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427
• https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84
• https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca
• https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742
• https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba
• https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c
• https://github.com/python/cpython/issues/136065
• https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-1489
• https://access.redhat.com/security/cve/CVE-2026-1489
• https://bugzilla.redhat.com/show_bug.cgi?id=2433348

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1147
• https://sourceware.org/bugzilla/attachment.cgi?id=15881
• https://sourceware.org/bugzilla/show_bug.cgi?id=32556
• https://vuldb.com/?ctiid.295051
• https://vuldb.com/?id.295051
• https://www.gnu.org/
• https://security.netapp.com/advisory/ntap-20250404-0003/
• https://vuldb.com/?submit.485254

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-12084
• https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0
• https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
• https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964
• https://github.com/python/cpython/issues/142145
• https://github.com/python/cpython/pull/142146
• https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437
• https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907
• https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d
• https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8
• https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af
• https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273
• https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53
• https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8
• https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-40217
• https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
• https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://security.netapp.com/advisory/ntap-20231006-0014/
• https://www.python.org/dev/security/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-27043
• http://python.com
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/
• http://seclists.org/fulldisclosure/2025/Apr/8
• https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
• http://python.org
• https://github.com/python/cpython/issues/102988
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/
• https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html
• https://security.netapp.com/advisory/ntap-20230601-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:22.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
• https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
• https://news.ycombinator.com/item?id=46404339
• https://gpg.fail/formfeed

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-1484
• https://access.redhat.com/security/cve/CVE-2026-1484
• https://bugzilla.redhat.com/show_bug.cgi?id=2433259

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0988
• https://access.redhat.com/security/cve/CVE-2026-0988
• https://bugzilla.redhat.com/show_bug.cgi?id=2429886

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0989
• https://access.redhat.com/security/cve/CVE-2026-0989
• https://bugzilla.redhat.com/show_bug.cgi?id=2429933

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8225
• https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
• https://vuldb.com/?ctiid.317813
• https://vuldb.com/?id.317813
• https://vuldb.com/?submit.621883
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1148
• https://sourceware.org/bugzilla/attachment.cgi?id=15887
• https://sourceware.org/bugzilla/show_bug.cgi?id=32576
• https://vuldb.com/?ctiid.295052
• https://vuldb.com/?id.295052
• https://vuldb.com/?submit.485747
• https://www.gnu.org/
• https://security.netapp.com/advisory/ntap-20250404-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1180
• https://sourceware.org/bugzilla/attachment.cgi?id=15917
• https://vuldb.com/?ctiid.295083
• https://vuldb.com/?id.295083
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=32642
• https://vuldb.com/?submit.495381

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0992
• https://access.redhat.com/security/cve/CVE-2026-0992
• https://bugzilla.redhat.com/show_bug.cgi?id=2429975

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Remediation

Upgrade Ubuntu:22.04 glib2.0 to version 2.72.4-0ubuntu2.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-1485
• https://access.redhat.com/security/cve/CVE-2026-1485
• https://bugzilla.redhat.com/show_bug.cgi?id=2433325

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Remediation

Upgrade Ubuntu:22.04 libxml2 to version 2.9.13+dfsg-1ubuntu0.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6170
• https://bugzilla.redhat.com/show_bug.cgi?id=2372952
• https://access.redhat.com/security/cve/CVE-2025-6170
• https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.13 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281
• https://sourceware.org/bugzilla/show_bug.cgi?id=33814
• http://www.openwall.com/lists/oss-security/2026/01/20/3

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058
• https://sourceware.org/bugzilla/show_bug.cgi?id=33185
• https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
• http://www.openwall.com/lists/oss-security/2025/07/23/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.

Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.13 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861
• https://sourceware.org/bugzilla/show_bug.cgi?id=33796
• https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001
• http://www.openwall.com/lists/oss-security/2026/01/16/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.13 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915
• http://www.openwall.com/lists/oss-security/2026/01/16/6
• https://sourceware.org/bugzilla/show_bug.cgi?id=33802

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtasn1-6 package and not the libtasn1-6 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Remediation

Upgrade Ubuntu:22.04 libtasn1-6 to version 4.18.0-4ubuntu0.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-13151
• https://gitlab.com/gnutls/libtasn1
• https://gitlab.com/gnutls/libtasn1/-/merge_requests/121
• http://www.openwall.com/lists/oss-security/2026/01/08/5
• https://www.kb.cert.org/vuls/id/271649

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.21 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15467
• https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
• https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
• https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
• https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
• https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
• https://openssl-library.org/news/secadv/20260127.txt
• http://www.openwall.com/lists/oss-security/2026/01/27/10
• https://github.com/guiimoraes/CVE-2025-15467

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.20 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9230
• https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
• https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
• https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
• https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
• https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
• https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
• https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
• https://openssl-library.org/news/secadv/20250930.txt
• https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html
• http://www.openwall.com/lists/oss-security/2025/09/30/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11468
• https://github.com/python/cpython/issues/143935
• https://github.com/python/cpython/pull/143936
• https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/
• https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
• https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6
• https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0
• https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796
• https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15282
• https://github.com/python/cpython/issues/143925
• https://github.com/python/cpython/pull/143926
• https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/
• https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f
• https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0
• https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38
• https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80
• https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47
• https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15366
• https://github.com/python/cpython/issues/143921
• https://github.com/python/cpython/pull/143922
• https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/
• https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15367
• https://github.com/python/cpython/issues/143923
• https://github.com/python/cpython/pull/143924
• https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/
• https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6069
• https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
• https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
• https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
• https://github.com/python/cpython/issues/135462
• https://github.com/python/cpython/pull/135464
• https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
• https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49
• https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5
• https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc
• https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.

This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8194
• https://github.com/python/cpython/issues/130577
• https://github.com/python/cpython/pull/137027
• https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/
• https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38
• https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe
• https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
• https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f
• https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227
• https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2
• https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19
• https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb
• http://www.openwall.com/lists/oss-security/2025/07/28/1
• http://www.openwall.com/lists/oss-security/2025/07/28/2

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.

Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8291
• https://github.com/python/cpython/pull/139702
• https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/
• https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267
• https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6
• https://github.com/python/cpython/issues/139700
• https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46
• https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196
• https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4
• https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388
• https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3
• https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p
• https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0672
• https://github.com/python/cpython/issues/143919
• https://github.com/python/cpython/pull/143920
• https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
• https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70
• https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440
• https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172
• https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d
• https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca
• https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.10 package and not the python3.10 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Remediation

Upgrade Ubuntu:22.04 python3.10 to version 3.10.12-1~22.04.14 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0865
• https://github.com/python/cpython/issues/143916
• https://github.com/python/cpython/pull/143917
• https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/
• https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58
• https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510
• https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2
• https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5
• https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995
• https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211
• https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-6597
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
• https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
• https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
• https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
• https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
• https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
• https://github.com/python/cpython/issues/91133
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-0450
• https://security.netapp.com/advisory/ntap-20250411-0005/
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
• https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
• https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
• https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
• https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
• https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
• https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
• https://github.com/python/cpython/issues/109858
• https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
• https://www.bamsoftware.com/hacks/zipbomb/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.11 package and not the python3.11 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts ([]), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

Remediation

There is no fixed version for Ubuntu:22.04 python3.11.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-11168
• https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
• https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
• https://github.com/python/cpython/issues/103848
• https://github.com/python/cpython/pull/103849
• https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
• https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
• https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
• https://security.netapp.com/advisory/ntap-20250411-0004/
• https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:22.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
• https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
• https://www.gnu.org/software/tar/
• https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
• https://www.gnu.org/software/tar/manual/html_node/Integrity.html
• https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
• http://www.openwall.com/lists/oss-security/2025/11/01/6