USN-8372-1: age vulnerability
Publication date
2 June 2026
Overview
age could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- age - A simple, modern and secure file encryption tool, format, and Go library.
Details
It was discovered that age did not properly validate plugin names. An
attacker could possibly use this issue to cause execution of an
arbitrary program by supplying a crafted recipient or identity string.
It was discovered that age did not properly validate plugin names. An
attacker could possibly use this issue to cause execution of an
arbitrary program by supplying a crafted recipient or identity string.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 LTS noble | age – 1.1.1-1ubuntu0.24.04.3+esm1 | ||
| golang-filippo-age-dev – 1.1.1-1ubuntu0.24.04.3+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.