Ubuntu alert USN-7975-1 (pyasn1)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7975-1] pyasn1 vulnerability | |
| Date: | Thu, 22 Jan 2026 20:21:59 +0000 | |
| Message-ID: | <E1vj1Bn-000785-EX@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7975-1 January 22, 2026 pyasn1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: pyasn1 could be made to crash if it received specially crafted input. Software Description: - pyasn1: ASN.1 library for Python Details: It was discovered that pyasn1 incorrectly handled malformed RELATIVE-OIDs with excessive continuation octets. An attacker could possibly use this issue to cause pyasn1 to consume memory, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-pyasn1 0.6.1-1ubuntu0.1 Ubuntu 24.04 LTS python3-pyasn1 0.4.8-4ubuntu0.1 Ubuntu 22.04 LTS python3-pyasn1 0.4.8-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7975-1 CVE-2026-23490 Package Information: https://launchpad.net/ubuntu/+source/pyasn1/0.6.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pyasn1/0.4.8-4ubuntu0.1 https://launchpad.net/ubuntu/+source/pyasn1/0.4.8-1ubuntu0.1
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlyhtEACgkQcpJm3tlz hgFvNhAAkp6EYoFJwbgIubrV2sntc41Cr/OgICXodKqmVnabV4luXCd6qaEej1Xg CyevMZTclbQQeKyBN1OweYI8eGB6GkaXsDb96JUKSzAwHeUfoVKrcNofECeIp7tB WoTKk/WdKGdWuyITRUTnI3ZZkLXHjEUG2uFZuZnH/CMhOlFW8QJeyBq0Pn8ApI5V d1HSCEc3weeNFxbMrHSCKQLbkmEMdD4sCAckbMAT05PLYoQ5JShYWjOgNvxExI/C yd3l92R0D7T84fQ1HVro6trsBF9vMxyPow7FkdeuzCOk9mG/oIkD70cj4Cmy51hp vJG+AdAgznZOmkFaKXzEJ08/P3JbjBEs2iaQ/WRKpUQq9mFt7RZJFT4iKrJLq2gb OXCqk6IQORNvF7hwc2lpebZv2bk/+j1WbusCppVAI4o2NN3KZ/dTEdrzpcssR7bl H7lg2Xzs6hACS9PH5A0smyiO3B7TiCyLPSOutcyUs/I4Y08x/Dyyl2qmg+kBHST/ zEvQ86NfpJs/R3LjbT2JhcV2TQoz8QKKQNDukjH6GbcCWten0czqk0C+0/geUHuc 73oci6BqxEiRGDVpOOW0+0RqgD+miUebCGruUQwEGNIYA1c/o8nZfwK7QZfxuyos vWjFnJYJTXMYQIoRNv1gINPD4cgdXNnk7waA9BJ5pedJ9jMgL1k= =ZYHz -----END PGP SIGNATURE-----