|
|
Log in / Subscribe / Register

Ubuntu alert USN-8123-1 (mbedtls)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8123-1] Mbed TLS vulnerabilities


Date:
              Wed, 25 Mar 2026 20:48:13 +0000


Message-ID:
              <E1w5V9B-0008Kv-Jn@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8123-1
March 25, 2026

mbedtls vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in mbedtls.

Software Description:
- mbedtls: Lightweight crypto and SSL/TLS library

Details:

It was discovered that Mbed TLS incorrectly handled memory allocation
failures. A remote attacker could possibly use this issue to crash
the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-44732)

Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted
inputs. A remote attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS. (CVE-2024-23775)

It was discovered that Mbed TLS incorrectly handled the TLS
handshake. A remote attacker could possibly use this issue to
break the security guarantees of the TLS handshake.
(CVE-2025-27810)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly
documented the behavior of a function. Application code relying
on the documented behavior might be affected. A remote attacker
could possibly use this issue to execute arbitrary code.
(CVE-2025-47917)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled
crafted input. A remote attacker could possibly use this issue to
crash the program, resulting in a denial of service. (CVE-2025-48965)

It was discovered that Mbed TLS incorrectly handled a race condition.
An attacker could possibly use this issue to extract AES keys.
(CVE-2025-52496)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled
certain invalid input. A remote attacker could possibly use this
issue to crash the program, resulting in a denial of service.
(CVE-2025-52497)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libmbedcrypto7t64               2.28.8-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls-dev                  2.28.8-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls14t64                 2.28.8-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedx509-1t64                2.28.8-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libmbedcrypto7                  2.28.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls-dev                  2.28.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls14                    2.28.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedx509-1                   2.28.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libmbedcrypto3                  2.16.4-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libmbedtls-dev                  2.16.4-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libmbedtls12                    2.16.4-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libmbedx509-0                   2.16.4-1ubuntu2+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libmbedcrypto1                  2.8.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls-dev                  2.8.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedtls10                    2.8.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libmbedx509-0                   2.8.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8123-1
  CVE-2021-44732, CVE-2024-23775, CVE-2025-27810, CVE-2025-47917,
  CVE-2025-48965, CVE-2025-52496, CVE-2025-52497




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnESZQACgkQcpJm3tlz
hgFGkA//cP+OQ5LgbkUQ3sFo2SYnTD3G+5cA+pzN0pqPIDi4uifzY2ni46Nofzfy
Z+mfnHJijikkTEap/7iR8AcVowwUpUacCkFcXeMxBvX5Tpcna1AuW4mYxzd7fpWU
LEigMGxNZasDIrXZaynSJJ648BbAZo8dtCqDlhCw+gSxL/cJSaWBXfvtjBWVo20a
jYS6P5Zo+LDCwOFxZrnux/Oi/KnMi2fmoIMLtt/jNd0vADPj67kEu/v3mumKd1Ty
eX13/Y4O3n7xOheiqkolQKUOxaxr6ImE5bdS3IATNf6YCs7o0+cN2kmEP4arDAZ6
+DMi+ZRPIPthheOHpIDo6PST3iFDz/cajDud9+5YGY29anVB4FPmT6fBKw1RcMmo
sHATpxMF+AqXdeOD4oZwcq3oX+AUjQgzCBI6vOcMJcYYt8hygET0Vx0FtgPEeM2n
qJm+6+pCZfzMoRicDIuo2SXlK2cVi6j+0Dl4TDE/H1acP+wb27ZqRn1z4bto638w
cqIvObYUCbD+NmpAnCHzTpcdq4e3jECSVSlSlXvXiMAIFW6nYJwNnjwFaD4S6toY
aTCbrehtLf6dTy4TUfJ31b1mWmBzZ6VJtS7waP8Q3fzWTETMZ4XzfAYYU7qw+Gle
xGtNu1ZHkBPNqYY11C+U2rarQCAGxQWdRDNHeKnDFxtGiGELk8A=
=CExd
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds