
Ubuntu 24.04 LTS python-authlib Important Auth Bypass DoS USN-8065-1

February 26, 2026
Several security issues in python-authlib for Ubuntu fixed by an essential update for 22.04 and 24.04 LTS.

Summary

Several security issues were fixed in Authlib.

Software Description:

- python-authlib: Python library for building OAuth and OpenID Connect servers

Details:

Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens, resulting in authentication bypass or privilege escalation. (CVE-2024-37568)

Muhammad Noman Ilyas discovered that Authlib did not properly enforce critical header parameter handling during JSON Web Signature verification, leading to unknown critical parameters being incorrectly accepted. A remote attacker could possibly use this issue to bypass security policies in mixed deployments, resulting in authentication bypass, replay attacks, or privilege escalation. (CVE-2025-59420)

Muhammad Noman Ilyas discovered that Authlib did not prope...
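Both issues above come down to a verifier letting the token's own header decide how it is checked: the `alg` header in CVE-2024-37568, the `crit` list in CVE-2025-59420. The following is an added example, written in plain standard-library Python and not Authlib's code or API, of a minimal compact-JWS verifier that applies the corresponding defensive checks: the set of accepted algorithms is fixed by the verifier rather than read from the token, HMAC verification refuses key material that looks like a PEM-encoded public key, and any `crit` entry the verifier does not implement causes rejection as RFC 7515 section 4.1.11 requires. Only HMAC algorithms are implemented; the secret, the token payloads and the critical header name `exp-strict` are constructed for the demonstration.

```python
"""Minimal compact-JWS verifier showing an algorithm allow-list and strict
`crit` handling. Added example in stdlib Python; not Authlib's code or API."""
import base64
import hashlib
import hmac
import json


class JWSError(Exception):
    """Raised for any verification failure; callers treat every cause alike."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Compact serialization strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# The only algorithms this toy verifier implements. "none" and the
# asymmetric families are deliberately absent, so they can never verify.
_HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def sign_hmac(payload: dict, key: bytes, alg: str = "HS256", extra_header: dict = None) -> str:
    """Produce a compact JWS with an HMAC signature (used to build sample tokens)."""
    header = {"alg": alg, "typ": "JWT"}
    header.update(extra_header or {})
    compact = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(key, signing_input.encode(), _HMAC_ALGS[alg]).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jws(token: str, key: bytes, allowed_algs: frozenset,
               supported_crit: frozenset = frozenset()) -> dict:
    """Verify a compact JWS and return its payload, or raise JWSError.

    * `allowed_algs` is chosen by the verifier, never by the token: an `alg`
      outside it is rejected before any cryptography runs.
    * HMAC verification refuses keys that look like PEM public-key material,
      so a verifier holding an RSA/EC public key cannot be steered into an
      HMAC check that uses that public key as the shared secret.
    * Every `crit` entry must be a parameter this verifier implements and
      must be present in the header (RFC 7515 section 4.1.11).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise JWSError("malformed compact serialization")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:
        raise JWSError("unparseable header")
    if not isinstance(header, dict):
        raise JWSError("header is not a JSON object")

    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in allowed_algs:
        raise JWSError("algorithm %r not permitted by verifier" % (alg,))
    if alg not in _HMAC_ALGS:
        raise JWSError("algorithm %r not implemented here" % (alg,))

    if "crit" in header:
        crit = header["crit"]
        if not isinstance(crit, list) or not crit:
            raise JWSError("crit must be a non-empty array")
        for name in crit:
            if name not in supported_crit or name not in header:
                raise JWSError("unsupported or missing critical header %r" % (name,))

    if not isinstance(key, (bytes, bytearray)):
        raise JWSError("HMAC key must be bytes")
    if b"-----BEGIN" in key:
        raise JWSError("refusing to use PEM-encoded key material as an HMAC secret")

    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode(), _HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise JWSError("signature mismatch")
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise JWSError("unparseable payload")
    if not isinstance(payload, dict):
        raise JWSError("payload is not a JSON object")
    return payload


def rejection_reason(token, key, allowed_algs, supported_crit=frozenset()):
    """Return None if the token verifies, otherwise the JWSError message."""
    try:
        verify_jws(token, key, allowed_algs, supported_crit)
    except JWSError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample key
    token = sign_hmac({"sub": "alice"}, secret)
    print("HS256 allowed  :", rejection_reason(token, secret, frozenset({"HS256"})))
    print("only RS256 okay:", rejection_reason(token, secret, frozenset({"RS256"})))
```

The verifier never consults the token to learn which algorithms are acceptable, which is the property the first advisory item depends on; the `crit` loop is the property the second item depends on, since an unknown critical parameter is a policy the issuer expected to be enforced and this verifier cannot enforce it.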

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python-authlib-doc              1.3.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-authlib                 1.3.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python-authlib-doc              0.15.5-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-authlib                 0.15.5-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8065-1

CVE-2024-37568, CVE-2025-59420, CVE-2025-61920, CVE-2025-62706, CVE-2025-68158

Severity
important

Ubuntu Security Notice USN-8065-1
