
Ubuntu issued multiple security updates to address critical flaws across its supported LTS distributions. Developers using Python marshmallow will find patches for two separate issues that previously allowed sensitive data leaks and service disruptions. System administrators must also apply a kmod update that blocks loading of the algif_aead kernel module, which contains a logic flaw that lets a local attacker escalate privileges to root. Finally, the zuluCrypt encryption utility received a fix for insecure PolicyKit settings in zuluPolkit that enabled local privilege escalation.

[USN-8225-1] Python marshmallow vulnerabilities
[USN-8226-2] kmod update
[USN-8226-1] kmod update
[USN-8218-1] zuluCrypt vulnerability




[USN-8225-1] Python marshmallow vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8225-1
April 30, 2026

python-marshmallow vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Python marshmallow.

Software Description:
- python-marshmallow: ORM/ODM/framework-agnostic library for converting complex datatypes.

Details:

Jared Deckard discovered that Python marshmallow did not correctly
handle hiding certain fields. An attacker could possibly use this issue
to leak sensitive information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-17175)

It was discovered that Python marshmallow did not efficiently handle
merging certain objects. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2025-68480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-marshmallow 3.26.1-0.4ubuntu0.1~esm1
Available with Ubuntu Pro
python3-marshmallow-doc 3.26.1-0.4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
python3-marshmallow 3.20.1-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-marshmallow-doc 3.20.1-1.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
python3-marshmallow 3.13.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-marshmallow-doc 3.13.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python3-marshmallow 3.4.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-marshmallow-doc 3.4.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python3-marshmallow 3.0.0b3-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-marshmallow-doc 3.0.0b3-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8225-1
CVE-2018-17175, CVE-2025-68480



[USN-8226-2] kmod update


==========================================================================
Ubuntu Security Notice USN-8226-2
April 30, 2026

kmod update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

kmod has been updated to block loading of the algif_aead kernel module.

Software Description:
- kmod: tools for managing Linux kernel modules

Details:

USN-8226-1 added a mitigation to kmod to disable loading the algif_aead
module. This update adds the same mitigation to Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that the Linux kernel algif_aead module contained a logic
flaw allowing a local attacker to escalate privileges to root. This update
to the kmod package disables loading the algif_aead module as a measure to
mitigate the issue until kernel updates are made available.

See the following URL for more information:
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
kmod 27-1ubuntu2.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
kmod 24-1ubuntu3.5+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
kmod 22-1ubuntu5.2+esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
kmod 15-0ubuntu7+esm1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8226-2
https://ubuntu.com/security/notices/USN-8226-1
CVE-2026-31431



[USN-8226-1] kmod update


==========================================================================
Ubuntu Security Notice USN-8226-1
April 30, 2026

kmod update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

kmod has been updated to block loading of the algif_aead kernel module.

Software Description:
- kmod: tools for managing Linux kernel modules

Details:

It was discovered that the Linux kernel algif_aead module contained a logic
flaw allowing a local attacker to escalate privileges to root. This update
to the kmod package disables loading the algif_aead module as a measure to
mitigate the issue until kernel updates are made available.

See the following URL for more information:
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
kmod 34.2-2ubuntu1.1

Ubuntu 24.04 LTS
kmod 31+20240202-2ubuntu7.2

Ubuntu 22.04 LTS
kmod 29-1ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8226-1
CVE-2026-31431, https://launchpad.net/bugs/2150743

Package Information:
https://launchpad.net/ubuntu/+source/kmod/34.2-2ubuntu1.1
https://launchpad.net/ubuntu/+source/kmod/31+20240202-2ubuntu7.2
https://launchpad.net/ubuntu/+source/kmod/29-1ubuntu1.1
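
Both kmod notices (USN-8226-1 and USN-8226-2) rely on kmod refusing to load algif_aead and ask for a reboot afterwards. The script below is an added example, not part of the advisory or of the kmod package, that checks whether that state actually holds on a host. The notices do not say which modprobe directive the update ships, so accepting the `install ... /bin/false` and `blacklist` forms documented in modprobe.d(5) is an assumption, as are the function names and sample inputs.

```shell
#!/bin/sh
# Added example: audit the algif_aead mitigation described in USN-8226-1/-2.
MODULE="algif_aead"

# Print which modprobe directive targets $MODULE in the given config text:
# "install" (a no-op command runs instead of inserting the module),
# "blacklist" (the module's internal aliases are ignored), or "none".
# Assumption: the notices do not state which form the kmod update uses.
config_directive() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and short lines
        { name = $2; gsub(/-/, "_", name) }    # modprobe treats - and _ alike
        $1 == "install" && name == m &&
            $3 ~ /^(\/usr)?\/s?bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# Return 0 when $MODULE appears in /proc/modules-formatted text.
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '$1 == m { f = 1 } END { exit !f }'
}

# Verdict from $1 = modprobe config text and $2 = /proc/modules text.
mitigation_state() {
    directive=$(config_directive "$1")
    if [ "$directive" = "none" ]; then
        echo "unmitigated"
    elif module_loaded "$2"; then
        # A module that is already resident stays loaded until it is
        # removed or the machine reboots, whatever modprobe.d now says.
        echo "reboot-required"
    elif [ "$directive" = "install" ]; then
        echo "blocked"
    else
        echo "blacklist-only"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF='install algif_aead /bin/false'
SAMPLE_PROC='algif_aead 16384 0 - Live 0x0000000000000000'

if [ "${1:-}" = "--live" ]; then
    # Read-only queries against the running system.
    mitigation_state "$(modprobe --showconfig 2>/dev/null)" "$(cat /proc/modules)"
else
    mitigation_state "$SAMPLE_CONF" "$SAMPLE_PROC"
fi
```

Run with `--live` to evaluate the current host. A `reboot-required` or `unmitigated` result on a patched machine means the update has not yet taken effect there.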



[USN-8218-1] zuluCrypt vulnerability


==========================================================================
Ubuntu Security Notice USN-8218-1
April 30, 2026

zulucrypt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

zuluCrypt could be made to run programs as an administrator.

Software Description:
- zulucrypt: A simple, feature rich and powerful solution for hard drives encryption

Details:

Aaron Rainbolt discovered that zuluCrypt used insecure PolicyKit
settings in zuluPolkit. An attacker could possibly use this issue to
cause local privilege escalation to root. (CVE-2025-53391)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libzulucrypt-dev 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucrypt-exe-dev 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucrypt-exe1.2.0 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucrypt-plugins 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucrypt1.2.0 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucryptpluginmanager-dev 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
libzulucryptpluginmanager1.0.0 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulucrypt-cli 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulucrypt-gui 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulumount-cli 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulumount-gui 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulupolkit 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro
zulusafe-cli 6.2.0-1ubuntu3+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libzulucrypt-dev 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-exe-dev 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-exe1.2.0 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-plugins 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt1.2.0 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucryptpluginmanager-dev 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucryptpluginmanager1.0.0 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulucrypt-cli 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulucrypt-gui 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulumount-cli 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulumount-gui 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulupolkit 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
zulusafe-cli 5.7.1-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libzulucrypt-dev 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-exe-dev 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-exe1.2.0 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt-plugins 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucrypt1.2.0 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucryptpluginmanager-dev 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libzulucryptpluginmanager1.0.0 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulucrypt-cli 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulucrypt-gui 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulumount-cli 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulumount-gui 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulupolkit 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
zulusafe-cli 5.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libzulucrypt-dev 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucrypt-exe-dev 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucrypt-exe1.2.0 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucrypt-plugins 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucrypt1.2.0 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucryptpluginmanager-dev 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libzulucryptpluginmanager1.0.0 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulucrypt-cli 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulucrypt-gui 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulumount-cli 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulumount-gui 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulupolkit 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
zulusafe-cli 5.4.0-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8218-1
CVE-2025-53391