Home / mailingsPDF  

[USN-8134-1] pyasn1 vulnerabilities

Posted on 31 March 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8134-1
March 30, 2026

pyasn1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in pyasn1.

Software Description:
- pyasn1: ASN.1 library for Python

Details:

It was discovered that pyasn1 could exhaust system resources when
attempting to decode a malformed certificate. An attacker could
possibly use this to cause a denial of service. (CVE-2026-23490)

Kevin Tu discovered that pyasn1 could exhaust system resources via
uncontrolled recursion when attempting to decode malicously-crafted
certificates. An attacker could possibly use this to cause a denial of
service. (CVE-2026-30922)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
pypy-pyasn1 0.4.2-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
python-pyasn1 0.4.2-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
python3-pyasn1 0.4.2-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
pypy-pyasn1 0.4.2-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
python-pyasn1 0.4.2-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
python3-pyasn1 0.4.2-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
pypy-pyasn1 0.1.9-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-pyasn1 0.1.9-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-pyasn1 0.1.9-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
python-pyasn1 0.1.7-1ubuntu2.1+esm1
Available with Ubuntu Pro
python3-pyasn1 0.1.7-1ubuntu2.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8134-1
CVE-2026-23490, CVE-2026-30922

--===============2842680592144783518==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :