1. Ubuntu Security Notices
  2. USN-8128-1

USN-8128-1: CryptX vulnerabilities

Publication date

26 March 2026

Overview

Several security issues were fixed in CryptX.

Releases

Packages

  • libcryptx-perl - Perl modules providing cryptography based on LibTomCrypt library

Details

It was discovered that CryptX did not verify authentication tags while
performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly
use this issue to cause CryptX to accept modified ciphertext, leading to
data integrity violations or authentication bypass. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-25099)

It was discovered that CryptX included a version of the tomcrypt library
that was susceptible to malformed unicode handling. An attacker could
possibly use this issue to cause unexpected behavior or incorrect
processing of crafted input. This issue only affected Ubuntu 18.04 LTS.
(CVE-2025-40912)

It was discovered that CryptX included a version of the libtommath library
that was susceptible to an integer overflow. An attacker could possibly use
this issue to cause memory corruption or a denial of service.
(

It was discovered that CryptX did not verify authentication tags while
performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly
use this issue to cause CryptX to accept modified ciphertext, leading to
data integrity violations or authentication bypass. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-25099)

It was discovered that CryptX included a version of the tomcrypt library
that was susceptible to malformed unicode handling. An attacker could
possibly use this issue to cause unexpected behavior or incorrect
processing of crafted input. This issue only affected Ubuntu 18.04 LTS.
(CVE-2025-40912)

It was discovered that CryptX included a version of the libtommath library
that was susceptible to an integer overflow. An attacker could possibly use
this issue to cause memory corruption or a denial of service.
(CVE-2025-40914)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble libcryptx-perl –  0.080-2ubuntu0.1~esm1  
22.04 LTS jammy libcryptx-perl –  0.076-1ubuntu0.1~esm1  
20.04 LTS focal libcryptx-perl –  0.067-1ubuntu0.1~esm1  
18.04 LTS bionic libcryptx-perl –  0.056-1ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›