StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8407-1

strongSwan vulnerability

Published: Mon, 08 Jun 2026 17:28

CVE-2026-47895

Summary

strongSwan could be made to crash or run programs if it received specially crafted network traffic.

Details

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

  • strongswan5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-cmd5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-cmd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-systemd5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-systemd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extauth-plugins5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extauth-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extra-plugins5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-extra-plugins5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-standard-plugins5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-standard-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-charon5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-charon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-libcharon5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-libcharon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-nm5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-nm

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-pki5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-pki

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-scepclient5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-scepclient

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-starter5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-starter

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-swanctl5.9.5-2ubuntu2.7apt_upgrade

    Standard apt upgrade. Install 5.9.5-2ubuntu2.7 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-swanctl

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

  • strongswan5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-cmd5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-cmd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-systemd5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-systemd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extauth-plugins5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extauth-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extra-plugins5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-extra-plugins5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-standard-plugins5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-standard-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-charon5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-charon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-libcharon5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-libcharon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-nm5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-nm

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-pki5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-pki

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-starter5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-starter

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-swanctl5.9.13-2ubuntu4.24.04.4apt_upgrade

    Standard apt upgrade. Install 5.9.13-2ubuntu4.24.04.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-swanctl

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

  • strongswan6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-cmd6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-cmd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-systemd6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-systemd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extauth-plugins6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extauth-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extra-plugins6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-extra-plugins6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-standard-plugins6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-standard-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-charon6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-charon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-libcharon6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-libcharon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-nm6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-nm

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-pki6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-pki

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-starter6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-starter

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-swanctl6.0.1-6ubuntu4.4apt_upgrade

    Standard apt upgrade. Install 6.0.1-6ubuntu4.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-swanctl

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

  • strongswan6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-cmd6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-cmd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • charon-systemd6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y charon-systemd

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extauth-plugins6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extauth-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libcharon-extra-plugins6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libcharon-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-extra-plugins6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-extra-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libstrongswan-standard-plugins6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libstrongswan-standard-plugins

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-charon6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-charon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-libcharon6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-libcharon

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-nm6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-nm

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-pki6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-pki

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-starter6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-starter

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • strongswan-swanctl6.0.4-1ubuntu3.1apt_upgrade

    Standard apt upgrade. Install 6.0.4-1ubuntu3.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y strongswan-swanctl

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8407-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8407-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →