Ubuntu alert USN-8133-1 (pyjwt)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8133-1] PyJWT vulnerability | |
| Date: | Mon, 30 Mar 2026 19:21:26 +0000 | |
| Message-ID: | <E1w7IAw-0002Ra-G0@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8133-1 March 30, 2026 pyjwt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PyJWT could allow unintended access to network services. Software Description: - pyjwt: Python 3 implementation of JSON Web Token Details: It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-jwt 2.10.1-2ubuntu0.1 Ubuntu 24.04 LTS python3-jwt 2.7.0-1ubuntu0.1 Ubuntu 22.04 LTS python3-jwt 2.3.0-1ubuntu0.3 Ubuntu 20.04 LTS python3-jwt 1.7.1-2ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-jwt 1.5.3+ds1-1ubuntu0.1+esm1 Available with Ubuntu Pro python3-jwt 1.5.3+ds1-1ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-jwt 1.3.0-1ubuntu0.1+esm1 Available with Ubuntu Pro python3-jwt 1.3.0-1ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8133-1 CVE-2026-32597 Package Information: https://launchpad.net/ubuntu/+source/pyjwt/2.10.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/pyjwt/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.3
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnKyysACgkQcpJm3tlz hgHwrhAAwZaBqY9ubVjoWdLXmaQLtHtj6ZDuv3ABTIRuMfMrOdsVGl6epf98jSIl AJQxIDCwawMQ8BwE5H9c6ucsVi98g+E+ViKiy2lkq/WQnqpWP31yVHD6Sw9c8waC DSYp36DIqQJxX2CtJU9HYU6NFaLH/MFnSI4RHiUfu11GIXnX/h1c+Gx1B+t3qKkv YTEsTkm3QHKu9Vrt6GpLUeKyUrVnlhIKUTIEZ0zWohSKGSl33Jk99miCtRuN+CwB HSP6TJ7HEWYIdZUO6S8gUFF5lLxc+gKiqAM+3RaOcQ83Cu9blE1aj03N4yoSoXGB dD4q/bbMnUbhx24Lhvkn63OsmQhYJv4MmbI9jFm6He+jSQGYZTr7WFvgcHfK2cp1 kZzXBodGQbVjinZduE5dvXpK4wVAPP/YCU9Rm+H5IJPU9ouCkBmlR7ehZB0lp1zJ i7qzPTwQae0mQJsF1mx8uXgEps8TKhsVhVto9Byo+tS0BhuLyqnxdv1xsPvvlMAV OKUvyB8/PeoIhYefp8RJyay7XwdHs1JI8qG90QQeNB3enni1TdkxFEKHT/oHGjmw 8DvfMsHTpCqfuoC+eAlJ9OG4khu2wcfx74yljrccsf6KyF4V3jB1BJHXV9hLJZC6 iG3U4YrcA6gEv4pPw/DgLiuvYNPyz/uxvIuO2+Kr8p2Tx7WjAws= =tujv -----END PGP SIGNATURE-----