|
|
Log in / Subscribe / Register

Ubuntu alert USN-8134-1 (pyasn1)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8134-1] pyasn1 vulnerabilities


Date:
              Tue, 31 Mar 2026 07:58:34 +0000


Message-ID:
              <E1w7Tze-0003uN-Uu@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8134-1
March 30, 2026

pyasn1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in pyasn1.

Software Description:
- pyasn1: ASN.1 library for Python

Details:

It was discovered that pyasn1 could exhaust system resources when
attempting to decode a malformed certificate. An attacker could
possibly use this to cause a denial of service. (CVE-2026-23490)

Kevin Tu discovered that pyasn1 could exhaust system resources via
uncontrolled recursion when attempting to decode malicously-crafted
certificates. An attacker could possibly use this to cause a denial of
service. (CVE-2026-30922)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  pypy-pyasn1                     0.4.2-3ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro
  python-pyasn1                   0.4.2-3ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro
  python3-pyasn1                  0.4.2-3ubuntu0.20.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  pypy-pyasn1                     0.4.2-3ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro
  python-pyasn1                   0.4.2-3ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro
  python3-pyasn1                  0.4.2-3ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  pypy-pyasn1                     0.1.9-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python-pyasn1                   0.1.9-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-pyasn1                  0.1.9-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python-pyasn1                   0.1.7-1ubuntu2.1+esm1
                                  Available with Ubuntu Pro
  python3-pyasn1                  0.1.7-1ubuntu2.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8134-1
  CVE-2026-23490, CVE-2026-30922




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIyBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnK+uwACgkQcpJm3tlz
hgFPpw/1GCtS04MBO6h9Mug6zryPfNrhkFkqtYGSSCTs19PyLu/88B1t36VyMrss
LorxOAB2+n6vNANF/jqF2a+uhlWNXNc+x02wdaW1Hq+wUkEPsKMYwG/bmsTo2G0n
+9so5WmzfmlJMblBCsn9oHpPFx8MJVxZQarUKvcbUMtNN2XxNlPE/y3C2n/lUQnb
2h5Y/Te3taVsEu9rxevbkHmM/tTwAGOqgZJcX4EjKERPbwKRcE8/FJChgM4q7Mij
9yF3r5+WibIBF3PRxf0gcNDQevGMD6ziopNRazgvLpupLx9W5Nxiz0G0AQeYWf75
HSZyPU6gLCDImM3Rv6qQulSAr9p1jRwAL8b6zlgSAQ/UagKAVqVQM5mq75J4s0NH
HMBGbOvV7cs96N3Tx2zWBFAK8VUYSkDp0A1wyWwKy06p8txEmrdoRrQfjcNKh1iT
NTyuXxNecRRLUTHYcurwtumeCIyagxdzJn9WPERMSPsp7N+uzH28uO7dPd3RhLL9
qeFHQirSwWn8g3h9+oyuYKepzz/HB5R7HDQrAO9iQ7ntya5zonWS4V99BIkQCxBL
crOSaTHKY+Acc6qaMB6oq2tnZ5k6TvS02B1/bn12gFIp1mGEsGiqgy5tF4YtbB1k
yIqDUi5qcrwNQqaqToVnmxPEgA81K5X6NGQri+Gso9dKc+MgCw==
=gmpK
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds