Ubuntu alert USN-7828-1 (python-ldap)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7828-1] Python LDAP vulnerabilities | |
| Date: | Mon, 20 Oct 2025 16:51:45 +0000 | |
| Message-ID: | <E1vAt6n-0006kO-D0@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7828-1 October 20, 2025 python-ldap vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Python LDAP. Software Description: - python-ldap: LDAP interface module for Python Details: It was discovered that Python LDAP incorrectly handled special characters in the special character filtering function. A remote attacker could possibly use this issue to perform LDAP injection attacks. (CVE-2025-61911) Arad Inbar discovered that Python LDAP incorrectly escaped NUL character bytes. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-61912) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-ldap 3.4.4-1ubuntu0.25.10.1 Ubuntu 25.04 python3-ldap 3.4.4-1ubuntu0.25.04.1 Ubuntu 24.04 LTS python3-ldap 3.4.4-1ubuntu0.24.04.1 Ubuntu 22.04 LTS python3-ldap 3.2.0-4ubuntu7.2 Ubuntu 20.04 LTS python3-ldap 3.2.0-4ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-ldap 3.0.0-1ubuntu0.2+esm1 Available with Ubuntu Pro python3-ldap 3.0.0-1ubuntu0.2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-ldap 2.4.22-0.1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7828-1 CVE-2025-61911, CVE-2025-61912 Package Information: https://launchpad.net/ubuntu/+source/python-ldap/3.4.4-1u... https://launchpad.net/ubuntu/+source/python-ldap/3.4.4-1u... https://launchpad.net/ubuntu/+source/python-ldap/3.4.4-1u... https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4u...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmj2aFYACgkQcpJm3tlz hgHDhxAAi2nh9fZK9bqm29jiSeZ59QuKsMsixnBTju4HIING3zEC/HF+kF8bkYWh m8smMB76V1piuql9SaGwCiqdnlqlA6qIgmC4M6QNZHXy/Csg71+tdAFfSQlJ0NUN 6pOp2Dv4lwA+v5brjjqlPwtL5m2StjaBPTFaN+qk11rhqT6YjDDZbNti4bn0/vhy wAw9XZ1+mVO8YZv8sqj5ugJnXu5t7BkSOZc/wkK3zZazWYWFDqzefuhRYZb+Ojlb 42eseSU58sO9yq0jAcxcidvREqNH8fEt9PoLJtuvVAldXxRf/FruUUaOwW4VqnrE lYAYJ7vMiTO4SrZv2lO9aAQRtCVqpl9S/v6fWJJsg/2UEhZx5sKrzUA197Dmn5oS u1Z05z56dY3mHhsFV9ThMrMBpJExUw9e4+X5tCdxiakD17uThgvmLPujCOwOzZ9b cC1ZOfW6sVQuh825ZSIhQkSa88MI4kpAyH4yeWFgXuozV4sebKSv4bulCIJOPoG/ pkCd33Moppoqx8pyIOhBdbzw73aCWy9em7468NIFv98Cs9LNRO71t0xFAaIm5/WN 7h4GHer0YUF76YeeNwmIB5kDVi4QVSijlZX8tEdbbPXuVFJBX0VJffPFYMY7s6MY FjItN1W3nF30zjo0Yxi6kUuLZBz9Nl3rDw+k4SLHwOUlwSNf7+o= =ihZN -----END PGP SIGNATURE-----