Ubuntu alert USN-8362-1 (xz-utils)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8362-1] XZ Utils vulnerability | |
| Date: | Tue, 02 Jun 2026 12:07:03 +0000 | |
| Message-ID: | <E1wUNtf-0003Cw-8k@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8362-1 June 02, 2026 xz-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: XZ Utils could be made to crash or run programs as your login if it received specially crafted input. Software Description: - xz-utils: XZ-format compression utilities Details: It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 liblzma5 5.8.1-1ubuntu0.1 xz-utils 5.8.1-1ubuntu0.1 xzdec 5.8.1-1ubuntu0.1 Ubuntu 24.04 LTS liblzma5 5.6.1+really5.4.5-1ubuntu0.3 xz-utils 5.6.1+really5.4.5-1ubuntu0.3 xzdec 5.6.1+really5.4.5-1ubuntu0.3 Ubuntu 22.04 LTS liblzma5 5.2.5-2ubuntu1.1 xz-utils 5.2.5-2ubuntu1.1 xzdec 5.2.5-2ubuntu1.1 Ubuntu 20.04 LTS liblzma5 5.2.4-1ubuntu1.1+esm1 Available with Ubuntu Pro xz-utils 5.2.4-1ubuntu1.1+esm1 Available with Ubuntu Pro xzdec 5.2.4-1ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS liblzma5 5.2.2-1.3ubuntu0.1+esm1 Available with Ubuntu Pro xz-utils 5.2.2-1.3ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS liblzma5 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm2 Available with Ubuntu Pro xz-utils 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm2 Available with Ubuntu Pro xzdec 5.1.1alpha+20120614-2ubuntu2.16.04.1+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS liblzma5 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm2 Available with Ubuntu Pro xz-utils 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm2 Available with Ubuntu Pro xzdec 5.1.1alpha+20120614-2ubuntu2.14.04.1+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8362-1 CVE-2026-34743 Package Information: https://launchpad.net/ubuntu/+source/xz-utils/5.8.1-1ubun... https://launchpad.net/ubuntu/+source/xz-utils/5.6.1+reall... https://launchpad.net/ubuntu/+source/xz-utils/5.2.5-2ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoexVYACgkQcpJm3tlz hgHD2Q//aN63/HXXgIC/bvgT4ax8PblZsFdfb77OqkzNBeP8FAqQp8P8St7ifWEF QydB1O17mmjXsqLtZAlTRFg68CIMbI2N1bMjbPz4wHVCA1a668DRvby7lrPCbgqy d40gKrt3HN6aKsMRvicaw5rkGbVAQXs5XAT4E3RaS/47/McB529fdGXKZ3FLB7f2 iscofwWZKmRwkaDq0ADuosaeTBCPqjpc11nNeD4xUZIp0uT+oe6tdRAdDJ56p5tp 7ocFJJZ2BOy6hIu0CZ2CGX/XvOzoKtC6tU/85gfW8OIqSbZT+K0tkrDG6N3A/CBn Yz+4j6X7hsa4dfvT+y2MRRiVxXCo6Ml6qTo9iwbEN+WiWrxGrrBeqnI1KFrtJ/Ky yHZFhn0LciAE98ps/Linvqd7MJAKJjCrrrxAYKfavdemDbkFwlJ0GpQ/v2r4kguu kK3yc0uMsn7Lm9VprqdE3kLDnF2deL8p2UvmVLj5YIZj2Zezbwl4ASubmmLzWlyD Jkbwj1YLNvDTDgng5Uj04Gak7khjQTfiBG7ukhQGCBNVVFjU0ZhoJpyymjN9tYDX 9AhhzwryOAM6Fdeo2k8u4dtdzAFjAUtjXvHlFmsuQO7sAme6xmApdqRJtuBUI4uq XzoM/rSVgmmOQpViDOLtZz2FeUoiBG5U7QRmn4X7D+TRxpwLyfo= =vm0o -----END PGP SIGNATURE-----