|
|
Log in / Subscribe / Register

Ubuntu alert USN-8024-1 (libwebsockets)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8024-1] Libwebsockets vulnerabilities


Date:
              Thu, 12 Feb 2026 03:56:38 +0000


Message-ID:
              <E1vqNok-0002n4-Tg@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8024-1
February 11, 2026

libwebsockets vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Libwebsockets.

Software Description:
- libwebsockets: C library for building WebSocket-based network applications

Details:

Raffaele Bova discovered that Libwebsockets incorrectly handled memory
when the upgrade header is not valid in the WebSocket server. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2025-11677)

Raffaele Bova discovered that Libwebsockets did not properly check the
size of the destination buffer in the async-dns component. An attacker
could possibly use this issue to cause applications to crash, leading to a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-11678)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libwebsockets19t64              4.3.3-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libwebsockets16                 4.0.20-2ubuntu1.1

Ubuntu 20.04 LTS
  libwebsockets15                 3.2.1-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8024-1
  CVE-2025-11677, CVE-2025-11678

Package Information:
  https://launchpad.net/ubuntu/+source/libwebsockets/4.0.20...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmNT08ACgkQcpJm3tlz
hgEjcBAAsAGboEANKcoZzPBQeIFN2Zoq59XqjRF+Hn1o89OXUAm3bzTKwkEIuRG9
ZagACSY1KzI8IPxacyGmHLslci/x5qUyLASqWdmOoGXpsIygBueOoacPhb4jIbQw
nQgn3ZKXlY1auObAEpoBraAywKodiJaEKMA131HFV4Z0jXZg2nNTAblYbPRZwIFo
tVbWErSqTSZQKpClEPtlJNw9eQ/4+RotBO2AeBwACPWvQEUumqztRSje/9APNrV+
W6al71UM68X7xvlUVdAUnm0PuJFsmJZDYZQtqxWk9j6yuaxMUrwzQkn1911HUuiT
KmwVfAUMZLl4Oo9hndDlcXErEzFVewRhbXc8TJfviY/YzCWOLkC3xfEf6S2cNUdf
wUVqkJFY7kR44bG58AomhY/8bC3PqIeVBDA7K3mj+23EvU0RavbQkYkUdCxWLNht
mGW21tvtnmbLbmGbyQyd6EwN8+3pTRtwwccP8OO1jcX0H1N/VnsUrf8qRKXKtd+4
L/qYAU9hoFQ5ncsPbd3zyjt/pwzXE6r91l/VKqcBuD+5i5D+QrIm0oHEAETvS0rz
8bFgy/cJT/Uc/XXQ70hizh6FvTxscN7TCLV4+KGWUE2+5NdIYU+12oJaQXvqLo4Q
yTGRNGAF1+nfWiaxv1r0GcV3Fy2Eh9zl4NyEN1pJMvG3wucDYRM=
=XBDM
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds