|
|
Log in / Subscribe / Register

Ubuntu alert USN-8151-1 (lambdaisland-uri-clojure)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8151-1] lambdaisland/uri vulnerability


Date:
              Mon, 06 Apr 2026 17:55:55 +0000


Message-ID:
              <E1w9oB1-0001b8-VA@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8151-1
April 06, 2026

lambdaisland-uri-clojure vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

lambdaisland/uri could allow bypassing security checks or
redirecting users.

Software Description:
- lambdaisland-uri-clojure: A pure Clojure/ClojureScript URI library.

Details:

It was discovered that lambdaisland/uri did not properly sanitize
the backslash character in URI strings. An attacker could possibly
use this issue to bypass security checks or redirect users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  liblambdaisland-uri-clojure     1.13.95-2ubuntu0.24.04.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  liblambdaisland-uri-clojure     1.13.95-2ubuntu0.22.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8151-1
  CVE-2023-28628




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnT80UACgkQcpJm3tlz
hgFUxw//X20sBNCj0VLQaPiReNwfqeYY7DiLA8uzj+jSEyLMAPrUZbjE0tR897hw
kb1ZjRnEtB0JOxWymoQrVNkxvGHGoaLcCEKvsPkQ5nJtY/Qm4yYng2HfhjSrb5Dp
7mutaZkGIvxjA8ZdmfAZ6CQMCAoUU7/w0pg5vJ81JQ5BsZIityAXOmdj2hxJuY/s
cQxRs6BAswBRPwwaTPMZ5fF9Y9SRnHebguz04ynmfdqtD6BDZ0rjb/3MN//nvCyU
LDmezC/C7gHdKZfXXgRvMNuLPZfbmoRW8iwDJeHt718Bgx2nfvA4ZCtWH7aKeS32
ovhGFMHjqi/WFnLy/FDTp+7Le8wcOw6a+E/Mae3Df+6UlgD0eANCD2BYlcoK1cHq
lKmu8dsjhVp+WdzQw0K3teTvknyC+AZ/4eyl8/24BxokYB4oypuIsmJSG9RfStzp
2dY/uUsGMXdLt+jHnDD5ZXnsK3GOzfdYIca2Ki2Tf5m+GJi1e/gY88v43yTa18TK
RON6FV42Qv3Vf3y1RjCUr2gvfE8BnGtNZmAzlpWl4TLgdS03sehuQjHHNknFjZER
ddWrm5f3IRiLiTc7QIU37HC/U8HtVc7BclB9XGRGlBLeWulxamw6yonGPxcdztXb
twAcFqlwqIqQvaaQzgAWFm/W4tqTTfHOUopOrC7/rM1lEo0x9rA=
=pZf0
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds