NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.

This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988
• https://access.redhat.com/security/cve/CVE-2025-32988
• https://bugzilla.redhat.com/show_bug.cgi?id=2359622
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116
• https://access.redhat.com/errata/RHSA-2025:17348
• https://access.redhat.com/errata/RHSA-2025:17361
• https://access.redhat.com/errata/RHSA-2025:17415
• https://access.redhat.com/errata/RHSA-2025:19088
• https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
• http://www.openwall.com/lists/oss-security/2025/07/11/3
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:22529

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990
• https://access.redhat.com/security/cve/CVE-2025-32990
• https://bugzilla.redhat.com/show_bug.cgi?id=2359620
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116
• https://access.redhat.com/errata/RHSA-2025:17348
• https://access.redhat.com/errata/RHSA-2025:17361
• https://access.redhat.com/errata/RHSA-2025:17415
• https://access.redhat.com/errata/RHSA-2025:19088
• https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
• http://www.openwall.com/lists/oss-security/2025/07/11/3
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:22529

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:18.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:21885

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Remediation

Upgrade Ubuntu:18.04 ncurses to version 6.1-1ubuntu1.18.04.1+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-19189
• http://seclists.org/fulldisclosure/2023/Dec/10
• http://seclists.org/fulldisclosure/2023/Dec/11
• http://seclists.org/fulldisclosure/2023/Dec/9
• https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
• https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
• https://security.netapp.com/advisory/ntap-20231006-0005/
• https://support.apple.com/kb/HT214036
• https://support.apple.com/kb/HT214037
• https://support.apple.com/kb/HT214038

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5981
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://access.redhat.com/errata/RHSA-2024:0155
• https://access.redhat.com/errata/RHSA-2024:0319
• https://access.redhat.com/errata/RHSA-2024:0399
• https://access.redhat.com/errata/RHSA-2024:0451
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094
• https://access.redhat.com/security/cve/CVE-2023-5981
• https://bugzilla.redhat.com/show_bug.cgi?id=2248445
• https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
• https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream gcc-8 package and not the gcc-8 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for Ubuntu:18.04 gcc-8.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-13844
• http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
• https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
• https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions
• https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html
• https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Remediation

Upgrade Ubuntu:18.04 pam to version 1.1.8-3.6ubuntu2.18.04.6+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-22365
• http://www.openwall.com/lists/oss-security/2024/01/18/3
• https://github.com/linux-pam/linux-pam
• https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
• https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0
• https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Remediation

Upgrade Ubuntu:18.04 gnupg2 to version 2.2.4-1ubuntu1.6+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-30258
• https://dev.gnupg.org/T7527
• https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
• https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:18.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
• https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
• https://news.ycombinator.com/item?id=46404339
• https://gpg.fail/formfeed

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2961
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://security.netapp.com/advisory/ntap-20240531-0002/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://github.com/ambionics/cnext-exploits
• https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33599
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33600
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33601
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0014/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33602
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0012/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0395
• https://sourceware.org/bugzilla/show_bug.cgi?id=32582
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
• https://sourceware.org/pipermail/libc-announce/2025/000044.html
• https://www.openwall.com/lists/oss-security/2025/01/22/4
• http://www.openwall.com/lists/oss-security/2025/01/22/4
• http://www.openwall.com/lists/oss-security/2025/01/23/2
• https://security.netapp.com/advisory/ntap-20250228-0006/
• http://www.openwall.com/lists/oss-security/2025/04/13/1
• http://www.openwall.com/lists/oss-security/2025/04/24/7
• https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Upgrade Ubuntu:18.04 glibc to version 2.27-3ubuntu1.6+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4802
• https://sourceware.org/bugzilla/show_bug.cgi?id=32976
• https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
• http://www.openwall.com/lists/oss-security/2025/05/16/7
• http://www.openwall.com/lists/oss-security/2025/05/17/2
• https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Remediation

There is no fixed version for Ubuntu:18.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058
• https://sourceware.org/bugzilla/show_bug.cgi?id=33185
• https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
• http://www.openwall.com/lists/oss-security/2025/07/23/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Remediation

Upgrade Ubuntu:18.04 tar to version 1.29b-2ubuntu0.4+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-39804
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079
• https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
• https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
• https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:18.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
• https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
• https://www.gnu.org/software/tar/
• https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
• https://www.gnu.org/software/tar/manual/html_node/Integrity.html
• https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
• http://www.openwall.com/lists/oss-security/2025/11/01/6