Ubuntu alert USN-8027-1 (python-multipart)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8027-1] Python-Multipart vulnerabilities | |
| Date: | Wed, 11 Feb 2026 17:46:38 +0000 | |
| Message-ID: | <E1vqEIQ-0002lf-7X@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8027-1 February 11, 2026 python-multipart vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Python-Multipart. Software Description: - python-multipart: A streaming multipart parser for Python. Details: It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Python-Multipart to consume excessive resources, leading to a regular expression denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-24762) It was discovered that Python-Multipart did not properly sanitize line breaks during user input. An attacker could use this issue to send arbitrary input, thus preventing other requests from being processed, resulting in a denial of service. This issue was only fixed in Ubuntu 24.04 LTS. (CVE-2024-53981) It was discovered that Python-Multipart was vulnerable to path traversal attacks. An attacker could possibly craft and upload files outside the target directory, resulting in remote code execution. (CVE-2026-24486) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-multipart 0.0.9-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS python3-multipart 0.0.5-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8027-1 CVE-2024-24762, CVE-2024-53981, CVE-2026-24486
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmMwGwACgkQcpJm3tlz hgHGGRAAwYtV8Ge3dnFsbTavRWRhrc7X9hRL/39BsXjIVaKvTmvE+o0Hj05FHUWY QXkapxxXQR8oZxqHDdpLAvXAmemxaka7bx3o9tR9ewWzRrDC0akoYWsk3kdk8L1n kGI+s1zzKeE/OaR2GbO8foR8qpGM9/EsDRflS4r+f0pKxdVIlDmqwmaP/m3TpD4f jBWdp6P4XTQJjXw9OJqvkHIbdHWR5hONdNUS8QIjmsoq9NbP00FUA14vT5Awksga D6Gy7NmsYSkGWa2VYzP7UPnB0lNgulubs8eg+NIcNtZyXf+mMfoRQyoCNrLvg5lt s4WE4Z45IYyuAu19lu+ZE7Eg2TD3gBgZqhAwX3Z8p7mLYNcRA+Lw2ViifKNVUGVf 8mlPSMdZ4l8BDDs41+F5bocBWNc68ieU/SnBLM9l3M+BgXoCpumEfSCLOYM5hUBL lychUNBtFTofsIxJNVsd043J9ZrwwExSBrx1A/a5hSKZA3ufbGML+0xJTk7fYTOb oCoZjmqP9LK1BylmSeV78HUyYaOU61rL3SM8/d+ceXBc5m58VrGPrcSCR9ZFlnq3 8vqcQCNphXSxvZXjOEiCLr/79bgSWImR3NkIf+G0hfm1ghIRqCAz18vvGxJ3HL12 9JuQkNCRrtG5HF2FcrvlbbivMW1yONKaSBg88Fo8fPtwIvI9GdI= =G8OT -----END PGP SIGNATURE-----