[USN-7837-1] GStreamer Good Plugins vulnerability
[USN-7841-1] strongSwan vulnerability
[USN-7840-1] Ruby vulnerabilities
[USN-7829-4] Linux kernel (AWS) vulnerabilities
[USN-7837-1] GStreamer Good Plugins vulnerability
==========================================================================
Ubuntu Security Notice USN-7837-1
October 22, 2025
gst-plugins-good1.0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
GStreamer Good Plugins could be made to crash as your login if it opened a
specially crafted file.
Software Description:
- gst-plugins-good1.0: GStreamer plugins
Details:
Shaun Mirani discovered that GStreamer Good Plugins incorrectly handled
certain malformed media files. An attacker could possibly use this issue to
cause GStreamer Good Plugins to crash, resulting in a denial of service, or
disclose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
gstreamer1.0-gtk3 1.16.3-0ubuntu1.3+esm1
Available with Ubuntu Pro
gstreamer1.0-plugins-good 1.16.3-0ubuntu1.3+esm1
Available with Ubuntu Pro
gstreamer1.0-pulseaudio 1.16.3-0ubuntu1.3+esm1
Available with Ubuntu Pro
gstreamer1.0-qt5 1.16.3-0ubuntu1.3+esm1
Available with Ubuntu Pro
libgstreamer-plugins-good1.0-0 1.16.3-0ubuntu1.3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gstreamer1.0-gtk3 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
gstreamer1.0-plugins-good 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
gstreamer1.0-pulseaudio 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
gstreamer1.0-qt5 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
libgstreamer-plugins-good1.0-0 1.14.5-0ubuntu1~18.04.3+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7837-1
CVE-2025-47219
[USN-7841-1] strongSwan vulnerability
==========================================================================
Ubuntu Security Notice USN-7841-1
October 27, 2025
strongswan vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
strongSwan client could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
- strongswan: IPsec VPN solution
Details:
Xu Biang discovered that the strongSwan client incorrectly handled
EAP-MSCHAPv2 failure requests. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could use this
issue to cause strongSwan to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libstrongswan 6.0.1-6ubuntu4.1
strongswan 6.0.1-6ubuntu4.1
Ubuntu 25.04
libstrongswan 5.9.13-2ubuntu4.25.04.1
strongswan 5.9.13-2ubuntu4.25.04.1
Ubuntu 24.04 LTS
libstrongswan 5.9.13-2ubuntu4.24.04.1
strongswan 5.9.13-2ubuntu4.24.04.1
Ubuntu 22.04 LTS
libstrongswan 5.9.5-2ubuntu2.4
strongswan 5.9.5-2ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7841-1
CVE-2025-62291
Package Information:
https://launchpad.net/ubuntu/+source/strongswan/6.0.1-6ubuntu4.1
https://launchpad.net/ubuntu/+source/strongswan/5.9.13-2ubuntu4.25.04.1
https://launchpad.net/ubuntu/+source/strongswan/5.9.13-2ubuntu4.24.04.1
https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.4
[USN-7840-1] Ruby vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7840-1
October 27, 2025
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ruby.
Software Description:
- ruby2.7: Object-oriented scripting language
- ruby2.5: Object-oriented scripting language
- ruby2.3: Object-oriented scripting language
Details:
It was discovered that the REXML module bundled into Ruby incorrectly
handled parsing XML documents with repeated instances of certain
characters. An attacker could possibly use this issue to cause REXML to
consume excessive resources, leading to a denial of service. Ubuntu 18.04
LTS and Ubuntu 20.04 LTS were previously addressed in USN-7256-1 and
USN-7734-1. This update addresses the issue in Ubuntu 16.04 LTS.
(CVE-2024-35176)
It was discovered that the REXML module bundled into Ruby incorrectly
handled parsing XML documents with repeated instances of certain
characters. An attacker could possibly use this issue to cause REXML to
consume excessive resources, leading to a denial of service. Ubuntu 20.04
LTS was previously addressed in USN-7256-1. This update addresses the issue
in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39908, CVE-2024-41123)
It was discovered that the REXML module bundled into Ruby incorrectly
handled parsing XML documents with many entity expansions. An attacker
could possibly use this issue to cause REXML to consume excessive
resources, leading to a denial of service. Ubuntu 20.04 LTS was previously
addressed in USN-7091-2. This update addresses the issue in Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2024-41946)
It was discovered that the WEBrick module bundled into Ruby incorrectly
handled having both a Content-Length header and a Transfer-Encoding header.
A remote attacker could possibly use this issue to perform an HTTP request
smuggling attack. (CVE-2024-47220)
It was discovered that the WEBrick module bundled into Ruby incorrectly
parsed HTTP headers. In configurations where the WEBrick module is placed
behind an HTTP proxy, a remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2025-6442)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libruby2.7 2.7.0-5ubuntu1.18+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libruby2.5 2.5.1-1ubuntu1.16+esm6
Available with Ubuntu Pro
ruby2.5 2.5.1-1ubuntu1.16+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libruby2.3 2.3.1-2~ubuntu16.04.16+esm11
Available with Ubuntu Pro
ruby2.3 2.3.1-2~ubuntu16.04.16+esm11
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7840-1
CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-41946,
CVE-2024-47220, CVE-2025-6442
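The WEBrick issue in USN-7840-1 concerns requests that carry both a Content-Length and a Transfer-Encoding header. The following added example (not WEBrick code and not part of the notice) shows a check a front end could apply before forwarding a request; it goes beyond that one case to the other RFC 9112 framing rules that sit alongside it. The method name `framing_issues` and the sample requests are constructed for illustration.

```ruby
# Added example, not WEBrick code. Flags HTTP/1.1 request heads whose body
# framing is ambiguous under RFC 9112. framing_issues is a hypothetical name.
def framing_issues(raw_head)
  # Drop the request line, keep field lines up to the blank line.
  field_lines = raw_head.split("\r\n").drop(1).take_while { |l| !l.empty? }
  issues = []
  fields = Hash.new { |h, k| h[k] = [] }
  field_lines.each do |line|
    name, value = line.split(":", 2)
    # No colon, an empty name, or whitespace in the name (a space before
    # the colon, or a folded continuation line) is flagged, not guessed at.
    if value.nil? || name.empty? || name =~ /\s/
      issues << :malformed_field_line
      next
    end
    fields[name.downcase] << value.strip
  end
  cl = fields["content-length"].flat_map { |v| v.split(",").map(&:strip) }
  te = fields["transfer-encoding"].flat_map { |v| v.downcase.split(",").map(&:strip) }
  # Two framing mechanisms in one message: two parsers may disagree on length.
  issues << :content_length_with_transfer_encoding if cl.any? && te.any?
  issues << :conflicting_content_length if cl.uniq.size > 1
  issues << :invalid_content_length if cl.any? { |v| v !~ /\A\d+\z/ }
  # In a request, chunked must be the last transfer coding.
  issues << :chunked_not_final if te.any? && te.last != "chunked"
  issues.uniq
end

# Constructed sample request heads (the host name is a placeholder).
HEAD      = "POST /upload HTTP/1.1\r\nHost: app.example\r\n"
CLEAN     = HEAD + "Content-Length: 5\r\n\r\n"
BOTH      = HEAD + "Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
SPACED    = HEAD + "Transfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\n"
DUPLICATE = HEAD + "Content-Length: 5\r\nContent-Length: 7\r\n\r\n"

[CLEAN, BOTH, SPACED, DUPLICATE].each { |r| p framing_issues(r) }
```

A front end that rejects any request with a non-empty result removes the ambiguity before it reaches a back end that has not yet been updated.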
[USN-7829-4] Linux kernel (AWS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7829-4
October 27, 2025
linux-aws-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- Netlink;
(CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.15.0-1095-aws 5.15.0-1095.102~20.04.1
Available with Ubuntu Pro
linux-image-aws 5.15.0.1095.102~20.04.1
Available with Ubuntu Pro
linux-image-aws-5.15 5.15.0.1095.102~20.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7829-4
https://ubuntu.com/security/notices/USN-7829-3
https://ubuntu.com/security/notices/USN-7829-2
https://ubuntu.com/security/notices/USN-7829-1
CVE-2023-52593, CVE-2024-26700, CVE-2024-26896, CVE-2025-38727
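The "Update instructions" sections above list fixed versions such as 2.3.1-2~ubuntu16.04.16+esm11, which plain string comparison orders incorrectly (esm9 would sort after esm11, and "~" has special meaning). The following added example (not Ubuntu tooling and not part of the notices) implements dpkg's version ordering so an inventory can be checked against the fixed versions; the method names and the "installed" versions are constructed for illustration.

```ruby
# Added example, not Ubuntu tooling; method names are hypothetical.
# dpkg ordering: "~" sorts before everything (even end of string),
# letters before other symbols, digit runs compare numerically.
def order(c)
  return 0 if c.nil? || c =~ /\d/
  return -1 if c == "~"
  c =~ /[A-Za-z]/ ? c.ord : c.ord + 256
end

def cmp_part(a, b)
  i = j = 0
  while i < a.size || j < b.size
    # Non-digit prefix, one character at a time.
    while (i < a.size && a[i] !~ /\d/) || (j < b.size && b[j] !~ /\d/)
      d = order(a[i]) <=> order(b[j])
      return d unless d.zero?
      i += 1; j += 1
    end
    # Digit runs as integers; an empty run counts as 0.
    da, db = a[i..-1][/\A\d*/], b[j..-1][/\A\d*/]
    d = da.to_i <=> db.to_i
    return d unless d.zero?
    i += da.size; j += db.size
  end
  0
end

def deb_compare(x, y)
  parts = [x, y].map do |v|
    epoch, rest = v.include?(":") ? v.split(":", 2) : ["0", v]
    upstream, dash, revision = rest.rpartition("-")
    dash.empty? ? [epoch.to_i, rest, ""] : [epoch.to_i, upstream, revision]
  end
  (ex, ux, rx), (ey, uy, ry) = parts
  [ex <=> ey, cmp_part(ux, uy), cmp_part(rx, ry)].find { |d| !d.zero? } || 0
end

# package => [constructed installed version, fixed version from the notices].
# Entries come from different releases; they are combined only for the demo.
INVENTORY = {
  "libruby2.3" => ["2.3.1-2~ubuntu16.04.16+esm9", "2.3.1-2~ubuntu16.04.16+esm11"],
  "gstreamer1.0-plugins-good" => ["1.14.5-0ubuntu1~18.04.3", "1.14.5-0ubuntu1~18.04.3+esm1"],
  "strongswan" => ["5.9.5-2ubuntu2.4", "5.9.5-2ubuntu2.4"],
}

def outdated(inventory)
  inventory.select { |_pkg, (have, fixed)| deb_compare(have, fixed) < 0 }.keys
end

p outdated(INVENTORY)
```

On a real host the installed versions would come from `dpkg-query -W`, and `dpkg --compare-versions` performs the same comparison natively.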