Ubuntu alert USN-7280-3 (python2.7)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7280-3] Python 2.7 regression | |
| Date: | Mon, 29 Sep 2025 13:09:01 +0000 | |
| Message-ID: | <E1v3Dcj-0004G0-PO@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7280-3 September 29, 2025 python2.7 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: USN-7280-2 introduced a regression in Python 2.7 Software Description: - python2.7: An interactive high-level object-oriented language Details: USN-7280-2 fixed vulnerabilities in Python. It was discovered that the fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on Ubuntu 14.04 LTS as a result. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS libpython2.7 2.7.6-8ubuntu0.6+esm28 Available with Ubuntu Pro python2.7 2.7.6-8ubuntu0.6+esm28 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7280-3 https://ubuntu.com/security/notices/USN-7280-2 https://ubuntu.com/security/notices/USN-7280-1 CVE-2024-11168, CVE-2025-0938, https://launchpad.net/bugs/2125702
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjahHsACgkQcpJm3tlz hgE+HBAAydhWLTk6EhdaMpprodEoxoP46ndWTOGaxKboo7cth37yU5C8Xh7+lXg2 XF2CSkUIVz2o5a5zE4zZ2PdbdRskS5ykgIDXhpSzVRdHDVT0UmSsf9BTTVHzjIjx I7n2cRaTyGBk4/XEKgZU5SjTrjbxBzK9Lkol2EVXqLvt1JetJwf4lkOG/4GCIcmA hfQKtID4owXmmqFlnKq7SLP+Aju6Tq0vz6wTosmchGCOV8F1cIFKrs4NHe7BflPI Qax8NALHtLhD145PVorkytCBoSeBuHa2LdCLUpXN+wt1jAT4qnn8UVxR5OSD2E+R LZWATUgeXnRn0NWUDN+g42VcS5NJPxnsnIOAgBSppGNK2TCjG/J686RadSDdaXqv QQ3rIsVuZ31VTUDEDNqGoMTZY4z3P/K73ma2NmQgz8eaiiGN6B2z0S1cBtbKsF+6 Vc/rBvzZ6nGuaiWKiKNh/Rl+J0paQbCklRInfV/ugRUH+VwUP83Z2CsSmwdi7pWq vxbbb0OJnL30onInJHR6iG/Q8LH+oOBA4MeMIurs9pW/H+YIv8kuGzjyJyY2eF8r aJMQHmS0PkqIvFCKLFk1EA3laAkRergwBHSFCZhSovbNRA06OMY5iJkzPl9AFDj3 7iHdHo/19/PwVIuav297X/jNf5EmzeJEPHxygTuFDjcHRAi7WQA= =qCmu -----END PGP SIGNATURE-----