pbkdf2 could be made to generate predictable cryptographic keys if it received specially crafted input.
Software Description:
- node-pbkdf2: PBKDF2 with any supported hashing algorithm in Node
Details:
Nikita Skovoroda discovered that pbkdf2 did not properly validate
certain algorithm names. An attacker could possibly use this issue to
generate predictable cryptographic keys, resulting in signature spoofing.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
node-pbkdf2 3.1.2-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
node-pbkdf2 3.1.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
node-pbkdf2 3.0.16-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-pbkdf2 3.0.14-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8452-1
CVE-2025-6545