Ubuntu alert USN-8219-1 (ujson)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-8219-1] UltraJSON vulnerabilities
Date: Tue, 28 Apr 2026 18:45:47 +0000
Message-ID: <E1wHnRL-00009s-UH@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8219-1
April 28, 2026

ujson vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in UltraJSON.

Software Description:
- ujson: Ultra fast JSON encoder and decoder

Details:

Cameron Criswell discovered that UltraJSON contained a memory leak that
would occur when parsing large integers. An attacker could possibly use
this issue to cause UltraJSON to crash, resulting in a denial of service.
This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04
LTS. (CVE-2026-32874)

It was discovered that UltraJSON contained integer overflow/underflow
issues when calculating how much memory to reserve for indentation in
certain instances. An attacker could possibly use this issue to cause
UltraJSON to crash, resulting in a denial of service. (CVE-2026-32875)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-ujson                   5.11.0-3ubuntu0.1

Ubuntu 25.10
  python3-ujson                   5.10.0-1ubuntu0.1

Ubuntu 24.04 LTS
  python3-ujson                   5.9.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-ujson                   5.1.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8219-1
  CVE-2026-32874, CVE-2026-32875

Package Information:
  https://launchpad.net/ubuntu/+source/ujson/5.11.0-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/ujson/5.10.0-1ubuntu0.1

Attachment: signature.asc (type=application/pgp-signature)
