alsa-lib vulnerability
Published: Tue, 09 Jun 2026 09:23
Summary
alsa-lib could be made to crash or run programs if it opened a specially crafted file.
Details
USN-8044-1 fixed a vulnerability in alsa-lib. This update provides the corresponding fix for alsa-lib on Ubuntu 20.04 LTS. Original advisory details: It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu focal
alsa-lib→1.2.2-2.1ubuntu2.5+esm1apt_upgradeStandard apt upgrade. Install 1.2.2-2.1ubuntu2.5+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y alsa-lib
Most apt upgrades restart their service automatically. needrestart lists anything else.
libasound2→1.2.2-2.1ubuntu2.5+esm1apt_upgradeStandard apt upgrade. Install 1.2.2-2.1ubuntu2.5+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libasound2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8044-2?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8044-2 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.