Three Ubuntu Security Notices have been issued: USN-7956-1, USN-7957-1, and USN-7927-3. These notices address vulnerabilities in Google Guest Agent (USN-7956-1), WebKitGTK (USN-7957-1), and urllib3 (USN-7927-3). The fixes for these vulnerabilities involve updating the affected packages to new versions, which can be done through a standard system update. Users who rely on applications that use WebKitGTK, such as Epiphany, may need to restart them after updating to ensure all necessary changes are made.

[USN-7956-1] Google Guest Agent vulnerability
[USN-7957-1] WebKitGTK vulnerabilities
[USN-7927-3] urllib3 regression

[USN-7956-1] Google Guest Agent vulnerability

==========================================================================
Ubuntu Security Notice USN-7956-1
January 13, 2026

google-guest-agent vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Google Guest Agent could be made to crash if it received specially
crafted network traffic.

Software Description:
- google-guest-agent: Google Compute Engine Guest Agent

Details:

Jakub Ciolek discovered that the Go Cryptography module included in
Google Guest Agent did not validate GSSAPI authentication requests during
SSH operations. An attacker could possibly use this issue to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
google-guest-agent 20250506.01-0ubuntu1.1

Ubuntu 25.04
google-guest-agent 20250116.00-0ubuntu2.2

Ubuntu 24.04 LTS
google-guest-agent 20250116.00-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
google-guest-agent 20250116.00-0ubuntu1~22.04.2

Ubuntu 20.04 LTS
google-guest-agent 20250116.00-0ubuntu1~20.04.0+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
google-guest-agent 20241011.01-0ubuntu1~18.04.0+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
google-guest-agent 20240716.00-0ubuntu1~16.04.0+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7956-1
CVE-2025-58181

Package Information:
https://launchpad.net/ubuntu/+source/google-guest-agent/20250506.01-0ubuntu1.1
https://launchpad.net/ubuntu/+source/google-guest-agent/20250116.00-0ubuntu2.2
https://launchpad.net/ubuntu/+source/google-guest-agent/20250116.00-0ubuntu1~24.04.3
https://launchpad.net/ubuntu/+source/google-guest-agent/20250116.00-0ubuntu1~22.04.2

[USN-7957-1] WebKitGTK vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7957-1
January 13, 2026

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libjavascriptcoregtk-4.1-0 2.50.4-0ubuntu0.25.10.1
libjavascriptcoregtk-6.0-1 2.50.4-0ubuntu0.25.10.1
libwebkit2gtk-4.1-0 2.50.4-0ubuntu0.25.10.1
libwebkitgtk-6.0-4 2.50.4-0ubuntu0.25.10.1

Ubuntu 25.04
libjavascriptcoregtk-4.1-0 2.50.4-0ubuntu0.25.04.1
libjavascriptcoregtk-6.0-1 2.50.4-0ubuntu0.25.04.1
libwebkit2gtk-4.1-0 2.50.4-0ubuntu0.25.04.1
libwebkitgtk-6.0-4 2.50.4-0ubuntu0.25.04.1

Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.50.4-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.50.4-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.50.4-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.50.4-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.50.4-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.50.4-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.50.4-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.50.4-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.50.4-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.50.4-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7957-1
CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531,
CVE-2025-43535, CVE-2025-43536, CVE-2025-43541

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.4-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.4-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.4-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.4-0ubuntu0.22.04.1

[USN-7927-3] urllib3 regression

==========================================================================
Ubuntu Security Notice USN-7927-3
January 13, 2026

python-urllib3 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

USN-7927-1 introduced a regression in urllib3

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471
introduced a regression in urllib3 when decompressing zstd data. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
An attacker could possibly use this issue to cause urllib3 to use
excessive resources, causing a denial of service. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional
security update in the brotli package.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
python3-urllib3 2.3.0-3ubuntu0.4

Ubuntu 25.04
python3-urllib3 2.3.0-2ubuntu0.5

Ubuntu 24.04 LTS
python3-urllib3 2.0.7-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7927-3
https://ubuntu.com/security/notices/USN-7927-2
https://ubuntu.com/security/notices/USN-7927-1
CVE-2025-66471, https://bugs.launchpad.net/bugs/2136906

Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.4
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.5
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.6