
Ubuntu released five security notices addressing vulnerabilities in GStreamer plugins and Python libraries like PyJWT. Attackers could leverage these flaws to execute arbitrary code or bypass authentication checks through specially crafted files and input data. Numerous legacy versions of Roundcube Webmail also received patches for issues including cross-site scripting attacks that might leak sensitive information from encrypted messages.

[USN-8130-1] GStreamer Base Plugins vulnerability
[USN-8129-1] pyasn1 vulnerability
[USN-8131-1] GStreamer Good Plugins vulnerabilities
[USN-8132-1] Roundcube Webmail vulnerabilities
[USN-8133-1] PyJWT vulnerability




[USN-8130-1] GStreamer Base Plugins vulnerability


==========================================================================
Ubuntu Security Notice USN-8130-1
March 30, 2026

gst-plugins-base1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

GStreamer Base Plugins could be made to crash or run programs if it opened
a specially crafted file.

Software Description:
- gst-plugins-base1.0: GStreamer plugins

Details:

It was discovered that GStreamer Base Plugins incorrectly handled certain
AVI media files. A remote attacker could use this issue to cause GStreamer
Base Plugins to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
gstreamer1.0-plugins-base 1.26.6-1ubuntu0.1
gstreamer1.0-plugins-base-apps 1.26.6-1ubuntu0.1
libgstreamer-plugins-base1.0-0 1.26.6-1ubuntu0.1

Ubuntu 24.04 LTS
gstreamer1.0-plugins-base 1.24.2-1ubuntu0.4
gstreamer1.0-plugins-base-apps 1.24.2-1ubuntu0.4
libgstreamer-plugins-base1.0-0 1.24.2-1ubuntu0.4

Ubuntu 22.04 LTS
gstreamer1.0-plugins-base 1.20.1-1ubuntu0.6
gstreamer1.0-plugins-base-apps 1.20.1-1ubuntu0.6
libgstreamer-plugins-base1.0-0 1.20.1-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8130-1
CVE-2026-2921

Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.26.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.24.2-1ubuntu0.4
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.20.1-1ubuntu0.6



[USN-8129-1] pyasn1 vulnerability


==========================================================================
Ubuntu Security Notice USN-8129-1
March 30, 2026

pyasn1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

pyasn1 could be made to consume resources and crash if it received
specially crafted input.

Software Description:
- pyasn1: ASN.1 library for Python

Details:

It was discovered that pyasn1 incorrectly handled recursion when decoding
ASN.1 data. An attacker could use this issue to cause pyasn1 to consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
python3-pyasn1 0.6.1-1ubuntu0.2

Ubuntu 24.04 LTS
python3-pyasn1 0.4.8-4ubuntu0.2

Ubuntu 22.04 LTS
python3-pyasn1 0.4.8-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8129-1
CVE-2026-30922

Package Information:
https://launchpad.net/ubuntu/+source/pyasn1/0.6.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/pyasn1/0.4.8-4ubuntu0.2
https://launchpad.net/ubuntu/+source/pyasn1/0.4.8-1ubuntu0.2



[USN-8131-1] GStreamer Good Plugins vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8131-1
March 30, 2026

gst-plugins-good1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GStreamer Good Plugins.

Software Description:
- gst-plugins-good1.0: GStreamer plugins

Details:

It was discovered that GStreamer Good Plugins incorrectly handled certain
X-QDM RTP payloads. A remote attacker could use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
gstreamer1.0-plugins-good 1.26.5-1ubuntu2.1
libgstreamer-plugins-good1.0-0 1.26.5-1ubuntu2.1

Ubuntu 24.04 LTS
gstreamer1.0-plugins-good 1.24.2-1ubuntu1.3
libgstreamer-plugins-good1.0-0 1.24.2-1ubuntu1.3

Ubuntu 22.04 LTS
gstreamer1.0-plugins-good 1.20.3-0ubuntu1.5
libgstreamer-plugins-good1.0-0 1.20.3-0ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8131-1
CVE-2026-3083, CVE-2026-3085

Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.26.5-1ubuntu2.1
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.24.2-1ubuntu1.3
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.20.3-0ubuntu1.5



[USN-8132-1] Roundcube Webmail vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8132-1
March 30, 2026

roundcube vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Roundcube Webmail.

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

It was discovered that Roundcube Webmail did not properly sanitize
certain HTML elements within the e-mail body. An attacker could possibly
use this issue to cause a cross-site scripting attack. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)

It was discovered that Roundcube Webmail did not properly handle certain
configuration parameters. An attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2016-9920)

It was discovered that Roundcube Webmail did not properly sanitize CSS styles
within SVG documents. An attacker could possibly use this issue to cause
a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2017-6820)

It was discovered that Roundcube Webmail did not properly restrict the exec
call in certain drivers of the password plugin. An authenticated user could
possibly use this issue to perform arbitrary password resets. This issue was
only addressed in Ubuntu 16.04 LTS. (CVE-2017-8114)

It was discovered that Roundcube Webmail did not properly set file permissions within
the Enigma plugin. An attacker could possibly use this issue to exfiltrate GPG private
keys via network connectivity. (CVE-2018-1000071)

It was discovered that Roundcube Webmail did not properly handle GnuPG MDC
integrity-protection warnings. An attacker could possibly use this issue to obtain
sensitive information from encrypted communications. (CVE-2018-19205)

It was discovered that Roundcube Webmail did not properly sanitize and
tags within HTML attachments. An attacker could possibly use this issue to cause a
cross-site scripting attack. (CVE-2018-19206)

It was discovered that Roundcube Webmail did not properly handle partially
encrypted multipart messages. An attacker could possibly use this issue to
leak the plaintext of encrypted messages via an email reply. (CVE-2019-10740)

It was discovered that Roundcube Webmail did not properly sanitize a certain parameter
within the archive plugin. An attacker could possibly use this issue to perform an
IMAP injection attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2018-9846)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
roundcube-core 1.3.6+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro
roundcube-plugins 1.3.6+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro

Ubuntu 16.04 LTS
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm7
Available with Ubuntu Pro
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm7
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8132-1
CVE-2016-4068, CVE-2016-4069, CVE-2016-9920, CVE-2017-6820,
CVE-2017-8114, CVE-2018-1000071, CVE-2018-19205, CVE-2018-19206,
CVE-2018-9846, CVE-2019-10740



[USN-8133-1] PyJWT vulnerability


==========================================================================
Ubuntu Security Notice USN-8133-1
March 30, 2026

pyjwt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

PyJWT could allow unintended access to network services.

Software Description:
- pyjwt: Python 3 implementation of JSON Web Token

Details:

It was discovered that PyJWT did not validate the critical header
parameter, contrary to the RFC specification expectations. A remote
attacker could possibly use this issue to bypass certain authentication
checks and restrictions.
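
The check this notice describes as missing, written out as an added example (not PyJWT's code and not the Ubuntu patch): RFC 7515 section 4.1.11 requires a verifier to reject a token whose "crit" header parameter names an extension it does not understand. The function names, the "x-policy" extension and the sample token are constructed for illustration.

```python
import base64
import json

# Names RFC 7515 defines itself; section 4.1.11 bars them from "crit".
STANDARD_PARAMS = {"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                   "x5t#S256", "typ", "cty", "crit"}


class CritError(ValueError):
    """The token's "crit" header makes it unacceptable to this verifier."""


def b64url_json(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample-data helper)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_header(token):
    """Decode the protected header of a compact JWS (no signature check here)."""
    segment = token.split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict):
        raise CritError("header is not a JSON object")
    return header


def check_crit(token, understood=frozenset()):
    """Return the header; raise if "crit" is malformed or not fully understood."""
    header = read_header(token)
    if "crit" not in header:
        return header
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise CritError('"crit" must be a non-empty array')
    for name in crit:
        if not isinstance(name, str) or name in STANDARD_PARAMS:
            raise CritError(f'invalid "crit" entry: {name!r}')
        if name not in header:
            raise CritError(f"{name!r} is critical but absent from the header")
        if name not in understood:
            raise CritError(f"critical extension {name!r} is not understood")
    return header


# Constructed sample: the header demands a hypothetical "x-policy" extension.
SAMPLE_HEADER = {"alg": "HS256", "crit": ["x-policy"], "x-policy": "strict"}
SAMPLE_TOKEN = b64url_json(SAMPLE_HEADER) + ".e30.c2ln"  # empty payload, dummy sig
```

This inspects the header only and does not authenticate the token, so it belongs alongside signature verification, with `understood` listing only the extensions the application actually enforces.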

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
python3-jwt 2.10.1-2ubuntu0.1

Ubuntu 24.04 LTS
python3-jwt 2.7.0-1ubuntu0.1

Ubuntu 22.04 LTS
python3-jwt 2.3.0-1ubuntu0.3

Ubuntu 20.04 LTS
python3-jwt 1.7.1-2ubuntu2.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-jwt 1.5.3+ds1-1ubuntu0.1+esm1
Available with Ubuntu Pro
python3-jwt 1.5.3+ds1-1ubuntu0.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-jwt 1.3.0-1ubuntu0.1+esm1
Available with Ubuntu Pro
python3-jwt 1.3.0-1ubuntu0.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8133-1
CVE-2026-32597

Package Information:
https://launchpad.net/ubuntu/+source/pyjwt/2.10.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/pyjwt/2.7.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.3