Ubuntu has released two security notices to address vulnerabilities in its Freeglut and FFmpeg software packages. The first notice (USN-7870-1) affects 8 Ubuntu releases, including Ubuntu 25.10 and 25.04, due to memory management issues in Freeglut that could lead to denial of service attacks. The second notice (USN-7871-1) only affects Ubuntu 25.10 and 25.04, as FFmpeg's ALS audio decoder has a vulnerability that can cause the software to crash when opening a specially crafted file.

[USN-7870-1] Freeglut vulnerabilities
[USN-7871-1] FFmpeg vulnerability

[USN-7870-1] Freeglut vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7870-1
November 17, 2025

freeglut vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Freeglut.

Software Description:
- freeglut: Free implementation of the OpenGL Utility Toolkit (GLUT)

Details:

It was discovered that Freeglut incorrectly managed memory, resulting in a
memory leak. An attacker could possibly use this issue to cause a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libglut-dev 3.4.0-5ubuntu0.1
libglut3.12 3.4.0-5ubuntu0.1

Ubuntu 25.04
libglut-dev 3.4.0-4ubuntu0.1
libglut3.12 3.4.0-4ubuntu0.1

Ubuntu 24.04 LTS
libglut-dev 3.4.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libglut3.12 3.4.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
freeglut3 2.8.1-6ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
freeglut3 2.8.1-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
freeglut3-dev 2.8.1-3ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
freeglut3 2.8.1-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
freeglut3-dev 2.8.1-3ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
freeglut3 2.8.1-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
freeglut3 2.8.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7870-1
CVE-2024-24258, CVE-2024-24259

Package Information:
https://launchpad.net/ubuntu/+source/freeglut/3.4.0-5ubuntu0.1
https://launchpad.net/ubuntu/+source/freeglut/3.4.0-4ubuntu0.1

[USN-7871-1] FFmpeg vulnerability

==========================================================================
Ubuntu Security Notice USN-7871-1
November 16, 2025

ffmpeg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04

Summary:

FFmpeg could be made to crash if it opened a specially crafted
file.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg incorrectly handled memory allocation in the
ALS audio decoder. If a user was tricked into loading a crafted media file,
a remote attacker could possibly use this issue to make FFmpeg crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
ffmpeg 7:7.1.1-1ubuntu4.1
libavcodec61 7:7.1.1-1ubuntu4.1
libavformat61 7:7.1.1-1ubuntu4.1

Ubuntu 25.04
ffmpeg 7:7.1.1-1ubuntu1.3
libavcodec61 7:7.1.1-1ubuntu1.3
libavformat61 7:7.1.1-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7871-1
CVE-2025-7700

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/7:7.1.1-1ubuntu4.1
https://launchpad.net/ubuntu/+source/ffmpeg/7:7.1.1-1ubuntu1.3