==========================================================================
Ubuntu Security Notice USN-8464-1
June 23, 2026

libnfs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

LIBNFS could be made to crash or run programs if it connected to a
specially crafted NFS server.

Software Description:
- libnfs: NFS client library

Details:

It was discovered that LIBNFS incorrectly handled certain string sizes when
connecting to an NFS server. An attacker could use this issue to cause
LIBNFS to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libnfs-utils                    5.0.2-1ubuntu1.1
  libnfs14                        5.0.2-1ubuntu1.1

Ubuntu 25.10
  libnfs-utils                    5.0.2-1ubuntu0.25.10.1
  libnfs14                        5.0.2-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  libnfs-utils                    5.0.2-1ubuntu0.24.04.1
  libnfs14                        5.0.2-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libnfs-utils                    4.0.0-1ubuntu0.1
  libnfs13                        4.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8464-1
  CVE-2026-53689

Package Information:
  https://launchpad.net/ubuntu/+source/libnfs/5.0.2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/libnfs/5.0.2-1ubuntu0.25.10.1
  https://launchpad.net/ubuntu/+source/libnfs/5.0.2-1ubuntu0.24.04.1
  https://launchpad.net/ubuntu/+source/libnfs/4.0.0-1ubuntu0.1

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to