age vulnerability
Published: Tue, 02 Jun 2026 16:24
Summary
age could be made to crash or run programs as your login if it opened a specially crafted file.
Details
It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu noble
age→1.1.1-1ubuntu0.24.04.3+esm1apt_upgradeStandard apt upgrade. Install 1.1.1-1ubuntu0.24.04.3+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y age
Most apt upgrades restart their service automatically. needrestart lists anything else.
age→1.1.1-1ubuntu0.24.04.3+esm1apt_upgradeStandard apt upgrade. Install 1.1.1-1ubuntu0.24.04.3+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y age
Most apt upgrades restart their service automatically. needrestart lists anything else.
golang-filippo-age-dev→1.1.1-1ubuntu0.24.04.3+esm1apt_upgradeStandard apt upgrade. Install 1.1.1-1ubuntu0.24.04.3+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y golang-filippo-age-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8372-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8372-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.