|
|
Log in / Subscribe / Register

Ubuntu alert USN-7999-1 (python-filelock)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7999-1] Filelock vulnerabilities


Date:
              Tue, 03 Feb 2026 22:51:17 +0000


Message-ID:
              <E1vnPEr-0002gR-Cx@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7999-1
February 02, 2026

python-filelock vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Filelock.

Software Description:
- python-filelock: A platform-independent file lock for Python

Details:

It was discovered that Filelock incorrectly handled symlinks in temp files.
A local attacker could possibly use this issue to cause lock operations to
fail or behave unexpectedly. (CVE-2026-22701)

It was discovered that the file locking implementation in the Filelock
package contained a race condition. A local attacker could possibly use
this to cause a denial of service or corrupt arbitrary user files.
(CVE-2025-68146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-filelock                3.13.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-filelock                3.6.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  python3-filelock                3.0.12-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-filelock                 3.0.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-filelock                3.0.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7999-1
  CVE-2025-68146, CVE-2026-22701




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmCemsACgkQcpJm3tlz
hgExwg//WU8EyV/wFiMdvkKWUuaov7gveyTjf7Fi6TH+YpQAhAaylbLJ4SM3bgeA
HawhiB6JIpwAvGvf0ZPL9xh3x0vO3t6Zpld8YiRWPQIUXakRtTsQxHjz9gzw2lG+
IGPyW0usvf3VpcBYss2p1TqiKmqjBFFyh+O4pJn++Gt9pXiO3FDuDpvUOFZdPbde
+E+y8dt3YYHdAOWUR89HNwzbD/Ko4yK7hsYDObiFUB81pzkOy4BQuXVs8vH9q+2v
gXkSAH3IxUUXhDDQ5AgunXhc6fmWwZOmhOagUB3NOyc+8YpRv0noem5iWQwP2Mzl
mmw+X2GHgzmvslmrQ6UmMrsfKKWs8MqVOHnz4zrNWd70hXVhxKKVImUj8nn60uq6
TwX8hjDz34vQLyXlbMDqOiDeohqZ51PisjrvrwtYOHSUgjPN7eMD72kZ7yZ4WOWM
xeKrHzs+hZot0z79wM/x56ItqLqgDR70QzcOJUIiCDig12LJjKoPqkxdwhs54Uri
auw6LnwVURTgWD48Slqflb3dZ8ITzQCRwFhxsVSPYxsKjZvTaTNWFQ8ImeP74hj0
KawukOomJiS4FBTaEIFwo3aaxzENwIQoPiMA3dQKOxBt3bc08o++l89AcswwtSGn
5JjTVU2AP97eIwSwN/Xh4XwUpNob/1gXHqT1DBKdjjxGtgfA2F8=
=0+Yb
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds