Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 LTS Filelock Important Symlink DoS 2026-22701

ubuntu
Calendar Grey February 3, 2026
Dist Ubuntu Esm H88
Several security issues were fixed in Filelock affecting multiple Ubuntu LTS releases. Critical updates are recommended.
Several security issues were fixed in Filelock.

Summary

Several security issues were fixed in Filelock.

Software Description:

- python-filelock: A platform-independent file lock for Python

Details:

It was discovered that Filelock incorrectly handled symlinks in temp files.

A local attacker could possibly use this issue to cause lock operations to

fail or behave unexpectedly. (CVE-2026-22701)

It was discovered that the file locking implementation in the Filelock

package contained a race condition. A local attacker could possibly use

this to cause a denial of service or corrupt arbitrary user files.

(CVE-2025-68146)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-filelock                3.13.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-filelock                3.6.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  python3-filelock                3.0.12-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-filelock                 3.0.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-filelock                3.0.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7999-1

CVE-2025-68146, CVE-2026-22701

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7999-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here