NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Remediation

There is no fixed version for Ubuntu:24.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013
• https://akkadia.org/drepper/SHA-crypt.txt
• https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
• https://twitter.com/solardiz/status/795601240151457793

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Remediation

There is no fixed version for Ubuntu:24.04 coreutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781
• https://security-tracker.debian.org/tracker/CVE-2016-2781
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://www.openwall.com/lists/oss-security/2016/02/28/2
• http://www.openwall.com/lists/oss-security/2016/02/28/3
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Remediation

There is no fixed version for Ubuntu:24.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716
• https://security-tracker.debian.org/tracker/CVE-2017-13716
• https://sourceware.org/bugzilla/show_bug.cgi?id=22009

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Remediation

Upgrade Ubuntu:24.04 gnutls28 to version 3.8.3-1.1ubuntu3.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9820
• https://access.redhat.com/security/cve/CVE-2025-9820
• https://bugzilla.redhat.com/show_bug.cgi?id=2392528
• https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5
• https://gitlab.com/gnutls/gnutls/-/issues/1732
• https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
• http://www.openwall.com/lists/oss-security/2025/11/20/2
• https://access.redhat.com/errata/RHSA-2026:3477

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Ubuntu:24.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1152
• https://sourceware.org/bugzilla/attachment.cgi?id=15887
• https://sourceware.org/bugzilla/show_bug.cgi?id=32576
• https://vuldb.com/?ctiid.295056
• https://vuldb.com/?id.295056
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Remediation

There is no fixed version for Ubuntu:24.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219
• https://access.redhat.com/security/cve/CVE-2022-3219
• https://bugzilla.redhat.com/show_bug.cgi?id=2127010
• https://dev.gnupg.org/D556
• https://dev.gnupg.org/T5993
• https://marc.info/?l=oss-security&m=165696590211434&w=4
• https://security.netapp.com/advisory/ntap-20230324-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

Remediation

Upgrade Ubuntu:24.04 libssh to version 0.10.6-2ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8277
• https://access.redhat.com/security/cve/CVE-2025-8277
• https://bugzilla.redhat.com/show_bug.cgi?id=2383888

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.

Remediation

There is no fixed version for Ubuntu:24.04 curl.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167
• https://curl.se/docs/CVE-2025-0167.json
• https://hackerone.com/reports/2917232
• https://security.netapp.com/advisory/ntap-20250306-0008/
• https://curl.se/docs/CVE-2025-0167.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection.

A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Remediation

Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-10148
• https://curl.se/docs/CVE-2025-10148.html
• https://curl.se/docs/CVE-2025-10148.json
• https://hackerone.com/reports/3330839
• http://www.openwall.com/lists/oss-security/2025/09/10/2
• http://www.openwall.com/lists/oss-security/2025/09/10/3
• http://www.openwall.com/lists/oss-security/2025/09/10/4

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Remediation

Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-14819
• https://curl.se/docs/CVE-2025-14819.html
• https://curl.se/docs/CVE-2025-14819.json
• http://www.openwall.com/lists/oss-security/2026/01/07/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.

Remediation

Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15079
• https://curl.se/docs/CVE-2025-15079.html
• https://curl.se/docs/CVE-2025-15079.json
• https://hackerone.com/reports/3477116
• http://www.openwall.com/lists/oss-security/2026/01/07/6

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Remediation

Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15224
• https://curl.se/docs/CVE-2025-15224.html
• https://curl.se/docs/CVE-2025-15224.json
• https://hackerone.com/reports/3480925
• http://www.openwall.com/lists/oss-security/2026/01/07/7

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Remediation

Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-14524
• https://curl.se/docs/CVE-2025-14524.html
• https://curl.se/docs/CVE-2025-14524.json
• https://hackerone.com/reports/3459417
• http://www.openwall.com/lists/oss-security/2026/01/07/4

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Remediation

There is no fixed version for Ubuntu:24.04 libgcrypt20.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
• https://access.redhat.com/errata/RHSA-2024:9404
• https://bugzilla.redhat.com/show_bug.cgi?id=2268268
• https://access.redhat.com/errata/RHSA-2025:3534
• https://access.redhat.com/errata/RHSA-2025:3530
• https://access.redhat.com/security/cve/CVE-2024-2236
• https://bugzilla.redhat.com/show_bug.cgi?id=2245218

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Ubuntu:24.04 libssh to version 0.10.6-2ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0965

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Ubuntu:24.04 libssh to version 0.10.6-2ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0966

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

Remediation

There is no fixed version for Ubuntu:24.04 openssl.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996
• https://dheatattack.gitlab.io/details/
• https://dheatattack.gitlab.io/faq/
• https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Remediation

There is no fixed version for Ubuntu:24.04 shadow.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433
• https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241
• https://github.com/shadow-maint/shadow/issues/1157
• https://github.com/shadow-maint/shadow/releases/tag/4.4