USN-8362-1

Details

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code.

Affected Packages

xz-utils

Ubuntu 22.04 LTS

Fixed in:

5.2.5-2ubuntu1.1

xz-utils

Ubuntu 24.04 LTS

Fixed in:

5.6.1+really5.4.5-1ubuntu0.3

xz-utils

Ubuntu 25.10

Fixed in:

5.8.1-1ubuntu0.1

xz-utils

Ubuntu Pro 14.04 LTS

Fixed in:

5.1.1alpha+20120614-2ubuntu2.14.04.1+esm2

xz-utils

Ubuntu Pro 16.04 LTS

Fixed in:

5.1.1alpha+20120614-2ubuntu2.16.04.1+esm2

xz-utils

Ubuntu Pro 18.04 LTS

Fixed in:

5.2.2-1.3ubuntu0.1+esm1

xz-utils

Ubuntu Pro 20.04 LTS

Fixed in:

5.2.4-1ubuntu1.1+esm1

References

REPORT

https://ubuntu.com/security/CVE-2026-34743

ADVISORY

https://ubuntu.com/security/notices/USN-8362-1