Linuxsecurity
Critical strongSwan Vulnerability Exposes Multiple Ubuntu Versions to DoS and Code Execution
A vulnerability in strongSwan, discovered by Elliott Childre, affects multiple Ubuntu releases, including 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. The flaw allows remote attackers to use specially crafted network traffic to crash the service or potentially execute arbitrary code. Users are urged to update their systems to the latest package versions to mitigate the risk. The vulnerability is categorized as a denial of service (DoS) risk, impacting the IPsec VPN solution strongSwan. A standard system update will address the issue across the affected versions. The vulnerability has not been linked to any known active exploitation at this time. The affected package versions include strongswan 6.0.4-1ubuntu3.1 for 26.04 LTS and earlier versions for other releases.
Key Points:
• strongSwan vulnerability allows remote DoS and potential code execution.
• Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS.
• Users should update to the latest package versions to mitigate risks.