NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.

This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.12+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988
• https://access.redhat.com/security/cve/CVE-2025-32988
• https://bugzilla.redhat.com/show_bug.cgi?id=2359622
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116
• https://access.redhat.com/errata/RHSA-2025:17348
• https://access.redhat.com/errata/RHSA-2025:17361
• https://access.redhat.com/errata/RHSA-2025:17415
• https://access.redhat.com/errata/RHSA-2025:19088
• https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
• http://www.openwall.com/lists/oss-security/2025/07/11/3
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:22529

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.12+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990
• https://access.redhat.com/security/cve/CVE-2025-32990
• https://bugzilla.redhat.com/show_bug.cgi?id=2359620
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116
• https://access.redhat.com/errata/RHSA-2025:17348
• https://access.redhat.com/errata/RHSA-2025:17361
• https://access.redhat.com/errata/RHSA-2025:17415
• https://access.redhat.com/errata/RHSA-2025:19088
• https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
• http://www.openwall.com/lists/oss-security/2025/07/11/3
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:22529

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Remediation

Upgrade Ubuntu:20.04 perl to version 5.30.0-9ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-31484
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
• http://www.openwall.com/lists/oss-security/2023/04/29/1
• http://www.openwall.com/lists/oss-security/2023/05/03/3
• http://www.openwall.com/lists/oss-security/2023/05/03/5
• http://www.openwall.com/lists/oss-security/2023/05/07/2
• https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
• https://github.com/andk/cpanpm/pull/175
• https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
• https://metacpan.org/dist/CPAN/changes
• https://security.netapp.com/advisory/ntap-20240621-0007/
• https://www.openwall.com/lists/oss-security/2023/04/18/14

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Remediation

Upgrade Ubuntu:20.04 ncurses to version 6.2-0ubuntu2.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29491
• http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
• http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
• http://www.openwall.com/lists/oss-security/2023/04/19/10
• http://www.openwall.com/lists/oss-security/2023/04/19/11
• https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
• https://security.netapp.com/advisory/ntap-20230517-0009/
• https://support.apple.com/kb/HT213843
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• https://www.openwall.com/lists/oss-security/2023/04/12/5
• https://www.openwall.com/lists/oss-security/2023/04/13/4

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:20.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:21885

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

Remediation

Upgrade Ubuntu:20.04 perl to version 5.30.0-9ubuntu0.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-47038
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
• https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
• https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
• https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6
• https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3
• https://github.com/aquasecurity/trivy/discussions/8400
• https://ubuntu.com/security/CVE-2023-47100
• https://www.suse.com/security/cve/CVE-2023-47100.html
• https://access.redhat.com/errata/RHSA-2024:2228
• https://access.redhat.com/errata/RHSA-2024:3128
• https://access.redhat.com/security/cve/CVE-2023-47038
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
• https://bugzilla.redhat.com/show_bug.cgi?id=2249523
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-0553
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:0627
• https://access.redhat.com/errata/RHSA-2024:0796
• https://access.redhat.com/errata/RHSA-2024:1082
• https://access.redhat.com/errata/RHSA-2024:1108
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094
• https://access.redhat.com/security/cve/CVE-2024-0553
• https://bugzilla.redhat.com/show_bug.cgi?id=2258412
• https://gitlab.com/gnutls/gnutls/-/issues/1522
• https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
• https://security.netapp.com/advisory/ntap-20240202-0011/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0361
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
• https://access.redhat.com/security/cve/CVE-2023-0361
• https://github.com/tlsfuzzer/tlsfuzzer/pull/679
• https://gitlab.com/gnutls/gnutls/-/issues/1050
• https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
• https://security.netapp.com/advisory/ntap-20230324-0005/
• https://security.netapp.com/advisory/ntap-20230725-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.12+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395
• https://access.redhat.com/security/cve/CVE-2025-6395
• https://bugzilla.redhat.com/show_bug.cgi?id=2376755
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116
• https://access.redhat.com/errata/RHSA-2025:17348
• https://access.redhat.com/errata/RHSA-2025:17361
• https://access.redhat.com/errata/RHSA-2025:17415
• https://access.redhat.com/errata/RHSA-2025:19088
• https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
• http://www.openwall.com/lists/oss-security/2025/07/11/3
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:22529

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.9 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5981
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://access.redhat.com/errata/RHSA-2024:0155
• https://access.redhat.com/errata/RHSA-2024:0319
• https://access.redhat.com/errata/RHSA-2024:0399
• https://access.redhat.com/errata/RHSA-2024:0451
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094
• https://access.redhat.com/security/cve/CVE-2023-5981
• https://bugzilla.redhat.com/show_bug.cgi?id=2248445
• https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
• https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Remediation

Upgrade Ubuntu:20.04 pam to version 1.3.1-5ubuntu4.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-22365
• http://www.openwall.com/lists/oss-security/2024/01/18/3
• https://github.com/linux-pam/linux-pam
• https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
• https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0
• https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Remediation

Upgrade Ubuntu:20.04 systemd to version 245.4-4ubuntu3.20 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415
• https://security.netapp.com/advisory/ntap-20230216-0010/
• http://seclists.org/fulldisclosure/2025/Jun/9
• https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
• https://www.openwall.com/lists/oss-security/2022/12/21/3

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

Upgrade Ubuntu:20.04 systemd to version 245.4-4ubuntu3.20 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
• https://bugzilla.redhat.com/show_bug.cgi?id=2139327
• https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
• https://github.com/systemd/systemd/issues/23928
• https://github.com/systemd/systemd/pull/23933
• https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
• https://security.gentoo.org/glsa/202305-15

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Remediation

Upgrade Ubuntu:20.04 tar to version 1.30+dfsg-7ubuntu0.20.04.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48303
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
• https://savannah.gnu.org/bugs/?62387
• https://savannah.gnu.org/patch/?10307

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-12243
• https://access.redhat.com/security/cve/CVE-2024-12243
• https://bugzilla.redhat.com/show_bug.cgi?id=2344615
• https://gitlab.com/gnutls/libtasn1/-/issues/52
• https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html
• https://access.redhat.com/errata/RHSA-2025:4051
• https://access.redhat.com/errata/RHSA-2025:7076
• https://access.redhat.com/errata/RHSA-2025:8020
• https://security.netapp.com/advisory/ntap-20250523-0002/
• https://access.redhat.com/errata/RHSA-2025:8385
• https://access.redhat.com/errata/RHSA-2025:17361

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtasn1-6 package and not the libtasn1-6 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

Remediation

Upgrade Ubuntu:20.04 libtasn1-6 to version 4.16.0-2ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-12133
• https://access.redhat.com/security/cve/CVE-2024-12133
• https://bugzilla.redhat.com/show_bug.cgi?id=2344611
• https://gitlab.com/gnutls/libtasn1/-/issues/52
• http://www.openwall.com/lists/oss-security/2025/02/06/6
• https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html
• https://access.redhat.com/errata/RHSA-2025:4049
• https://access.redhat.com/errata/RHSA-2025:7077
• https://access.redhat.com/errata/RHSA-2025:8021
• https://security.netapp.com/advisory/ntap-20250523-0003/
• https://access.redhat.com/errata/RHSA-2025:8385
• https://access.redhat.com/errata/RHSA-2025:17347

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Remediation

Upgrade Ubuntu:20.04 gnupg2 to version 2.2.19-3ubuntu2.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-30258
• https://dev.gnupg.org/T7527
• https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
• https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:20.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
• https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
• https://news.ycombinator.com/item?id=46404339
• https://gpg.fail/formfeed

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.

A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

Remediation

Upgrade Ubuntu:20.04 systemd to version 245.4-4ubuntu3.24+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598
• https://access.redhat.com/security/cve/CVE-2025-4598
• https://bugzilla.redhat.com/show_bug.cgi?id=2369242
• https://www.openwall.com/lists/oss-security/2025/05/29/3
• http://www.openwall.com/lists/oss-security/2025/06/05/1
• http://www.openwall.com/lists/oss-security/2025/06/05/3
• https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598
• https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/
• https://www.openwall.com/lists/oss-security/2025/08/18/3
• http://seclists.org/fulldisclosure/2025/Jun/9
• https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html
• http://www.openwall.com/lists/oss-security/2025/08/18/3
• https://access.redhat.com/errata/RHSA-2025:22660
• https://access.redhat.com/errata/RHSA-2025:22868
• https://access.redhat.com/errata/RHSA-2025:23234
• https://access.redhat.com/errata/RHSA-2025:23227
• https://access.redhat.com/errata/RHSA-2026:0414
• https://access.redhat.com/errata/RHSA-2026:1652

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.15 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2961
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://security.netapp.com/advisory/ntap-20240531-0002/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://github.com/ambionics/cnext-exploits
• https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33599
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33600
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33601
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0014/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33602
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0012/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.17 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0395
• https://sourceware.org/bugzilla/show_bug.cgi?id=32582
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
• https://sourceware.org/pipermail/libc-announce/2025/000044.html
• https://www.openwall.com/lists/oss-security/2025/01/22/4
• http://www.openwall.com/lists/oss-security/2025/01/22/4
• http://www.openwall.com/lists/oss-security/2025/01/23/2
• https://security.netapp.com/advisory/ntap-20250228-0006/
• http://www.openwall.com/lists/oss-security/2025/04/13/1
• http://www.openwall.com/lists/oss-security/2025/04/24/7
• https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.18+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-15281
• https://sourceware.org/bugzilla/show_bug.cgi?id=33814
• http://www.openwall.com/lists/oss-security/2026/01/20/3

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.18 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4802
• https://sourceware.org/bugzilla/show_bug.cgi?id=32976
• https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
• http://www.openwall.com/lists/oss-security/2025/05/16/7
• http://www.openwall.com/lists/oss-security/2025/05/17/2
• https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.18+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058
• https://sourceware.org/bugzilla/show_bug.cgi?id=33185
• https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
• http://www.openwall.com/lists/oss-security/2025/07/23/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.

Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.18+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0861
• https://sourceware.org/bugzilla/show_bug.cgi?id=33796
• https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001
• http://www.openwall.com/lists/oss-security/2026/01/16/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

Remediation

Upgrade Ubuntu:20.04 glibc to version 2.31-0ubuntu9.18+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2026-0915
• http://www.openwall.com/lists/oss-security/2026/01/16/6
• https://sourceware.org/bugzilla/show_bug.cgi?id=33802

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Remediation

Upgrade Ubuntu:20.04 gnutls28 to version 3.6.13-2ubuntu1.11 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28834
• http://www.openwall.com/lists/oss-security/2024/03/22/1
• http://www.openwall.com/lists/oss-security/2024/03/22/2
• https://people.redhat.com/~hkario/marvin/
• https://security.netapp.com/advisory/ntap-20240524-0004/
• https://access.redhat.com/errata/RHSA-2024:1784
• https://access.redhat.com/errata/RHSA-2024:1879
• https://access.redhat.com/errata/RHSA-2024:1997
• https://access.redhat.com/errata/RHSA-2024:2044
• https://access.redhat.com/errata/RHSA-2024:2570
• https://access.redhat.com/errata/RHSA-2024:2889
• https://access.redhat.com/security/cve/CVE-2024-28834
• https://bugzilla.redhat.com/show_bug.cgi?id=2269228
• https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html
• https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
• https://minerva.crocs.fi.muni.cz/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Remediation

Upgrade Ubuntu:20.04 tar to version 1.30+dfsg-7ubuntu0.20.04.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-39804
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079
• https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
• https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
• https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:20.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
• https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
• https://www.gnu.org/software/tar/
• https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
• https://www.gnu.org/software/tar/manual/html_node/Integrity.html
• https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
• http://www.openwall.com/lists/oss-security/2025/11/01/6

NVD Description

Note: Versions mentioned in the description apply only to the upstream util-linux package and not the util-linux package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Remediation

Upgrade Ubuntu:20.04 util-linux to version 2.34-0.1ubuntu9.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28085
• http://seclists.org/fulldisclosure/2024/Mar/35
• http://www.openwall.com/lists/oss-security/2024/03/27/5
• http://www.openwall.com/lists/oss-security/2024/03/27/6
• http://www.openwall.com/lists/oss-security/2024/03/27/7
• http://www.openwall.com/lists/oss-security/2024/03/27/8
• http://www.openwall.com/lists/oss-security/2024/03/27/9
• http://www.openwall.com/lists/oss-security/2024/03/28/1
• http://www.openwall.com/lists/oss-security/2024/03/28/2
• http://www.openwall.com/lists/oss-security/2024/03/28/3
• https://github.com/skyler-ferrante/CVE-2024-28085
• https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
• https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
• https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
• https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
• https://security.netapp.com/advisory/ntap-20240531-0003/
• https://www.openwall.com/lists/oss-security/2024/03/27/5