Ubuntu alert USN-8128-1 (libcryptx-perl)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8128-1] CryptX vulnerabilities | |
| Date: | Thu, 26 Mar 2026 17:47:05 +0000 | |
| Message-ID: | <E1w5onR-0004Yr-5Q@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8128-1 March 26, 2026 libcryptx-perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in CryptX. Software Description: - libcryptx-perl: Perl modules providing cryptography based on LibTomCrypt library Details: It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-25099) It was discovered that CryptX included a version of the tomcrypt library that was susceptible to malformed unicode handling. An attacker could possibly use this issue to cause unexpected behavior or incorrect processing of crafted input. This issue only affected Ubuntu 18.04 LTS. (CVE-2025-40912) It was discovered that CryptX included a version of the libtommath library that was susceptible to an integer overflow. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-40914) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libcryptx-perl 0.080-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libcryptx-perl 0.076-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libcryptx-perl 0.067-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libcryptx-perl 0.056-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8128-1 CVE-2018-25099, CVE-2025-40912, CVE-2025-40914
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnFcGkACgkQcpJm3tlz hgHTuw//VSjqdKs3Hyscsov8AECROtc9hfzLsFGbBW9hqqmq02o8FnH196mFKCBD s+NYYMy2w6H2qQIbSyBzCxdA7MGHmoCdzMdL/7ivIqVAS5tsRG5o0J1rZHXWR5Y7 d/sIzQ6ts1jlRd8g7OZrzRSsaNSfFajbN4rtmRbaewe11jk8v2avycHcE8F3EdPd s+Jl5/B3v20f7iVh8UEi6SEr2ul6vEfJw3EFERk+LH+A1IoOjXkcLhHU00HRCLI6 7XKjzn3QU4qXHTGVGHu0YjqisYB3z8cdhoJUyk07pSpciNEVCnHYg9tbxe2HRwwI zmJXlTzu9CqtSmDuCgc9skVQ5G4AVzSCi3wEC0kwGI50FkvbPuwtJPIaxJeQdAnF DN54ZhDZ+yJfDDWKZs+ZLyOBeRRIZZAy2Y9DU/wbUYWEPZnzFbBso/Zbh+BFfK/6 PAg5hdtUWm4yf5OoQS5N0zM0BqCIqJtw73XxcLtCtICXkFJ2A3uXFqwG5i5Iv+tZ NfcquREN4q1tCWQPswxU9jndJsXiTvQgPKwCUJugG6pQK0lY2egMh65mU7cQUdp2 U8uz1Dzhiip4w2LTRe5Ar34Q3NVXekvYHQ7uhHo5Q9R9IZgsKVwqrceB909q+pwF KXCPMVb1kd4nxhHqRcCi83TQ1BNiouTZH4bFBzh5jxju3sb42G0= =Jgb9 -----END PGP SIGNATURE-----