Ubuntu 24.10 introduces USN-7280-2 addressing critical Python SSRF flaw
May 22, 2025
•
LinuxSecurity Advisories
2 - 4 min read
Topics Covered
Python could allow Server-Side Request Forgery (SSRF) attacks.
========================================================================== Ubuntu Security Notice USN-7280-2 May 22, 2025 python vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Python could allow Server-Side Request Forgery (SSRF) attacks. Software Description: - python3.13: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.11: An interactive high-level object-oriented language - python3.9: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 python3.13 3.13.0-1ubuntu0.2 python3.13-minimal 3.13.0-1ubuntu0.2 Ubuntu 22.04 LTS python2.7 2.7.18-13ubuntu1.5+esm6 Available with Ubuntu Pro python2.7-minimal 2.7.18-13ubuntu1.5+esm6 Available with Ubuntu Pro python3.11 3.11.0~rc1-1~22.04.1~esm3 Available with Ubuntu Pro python3.11-minimal 3.11.0~rc1-1~22.04.1~esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS python2.7 2.7.18-1~20.04.7+esm7 Available with Ubuntu Pro python2.7-minimal 2.7.18-1~20.04.7+esm7 Available with Ubuntu Pro python3.9 3.9.5-3ubuntu0~20.04.1+esm4 Available with Ubuntu Pro python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS python2.7 2.7.17-1~18.04ubuntu1.13+esm11 Available with Ubuntu Pro python2.7-minimal 2.7.17-1~18.04ubuntu1.13+esm11 Available with Ubuntu Pro python3.6 3.6.9-1~18.04ubuntu1.13+esm4 Available with Ubuntu Pro python3.6-minimal 3.6.9-1~18.04ubuntu1.13+esm4 Available with Ubuntu Pro python3.7 3.7.5-2ubuntu1~18.04.2+esm5 Available with Ubuntu Pro python3.7-minimal 3.7.5-2ubuntu1~18.04.2+esm5 Available with Ubuntu Pro python3.8 3.8.0-3ubuntu1~18.04.2+esm4 Available with Ubuntu Pro python3.8-minimal 3.8.0-3ubuntu1~18.04.2+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS python2.7 2.7.12-1ubuntu0~16.04.18+esm16 Available with Ubuntu Pro python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm16 Available with Ubuntu Pro Ubuntu 14.04 LTS python2.7 2.7.6-8ubuntu0.6+esm25 Available with Ubuntu Pro python2.7-minimal 2.7.6-8ubuntu0.6+esm25 Available with Ubuntu Pro python3.4 3.4.3-1ubuntu1~14.04.7+esm15 Available with Ubuntu Pro python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm15 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7280-2 https://ubuntu.com/security/notices/USN-7280-1 CVE-2025-0938 Package Information: https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.2
PREVIOUS
NEXT
Ubuntu 24.10 introduces USN-7280-2 addressing critical Python SSRF flaw
ubuntu
May 22, 2025
Python could allow Server-Side Request Forgery (SSRF) attacks.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Python could allow Server-Side Request Forgery (SSRF) attacks. Software Description: - python3.13: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.11: An interactive high-level object-oriented language - python3.9: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advis...
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 python3.13 3.13.0-1ubuntu0.2 python3.13-minimal 3.13.0-1ubuntu0.2 Ubuntu 22.04 LTS python2.7 2.7.18-13ubuntu1.5+esm6 Available with Ubuntu Pro python2.7-minimal 2.7.18-13ubuntu1.5+esm6 Available with Ubuntu Pro python3.11 3.11.0~rc1-1~22.04.1~esm3 Available with Ubuntu Pro python3.11-minimal 3.11.0~rc1-1~22.04.1~esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS python2.7 2.7.18-1~20.04.7+esm7 Available with Ubuntu Pro python2.7-minimal 2.7.18-1~20.04.7+esm7 Available with Ubuntu Pro python3.9 3.9.5-3ubuntu0~20.04.1+esm4 Available with Ubuntu Pro python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS python2.7 2.7.17-1~18.04ubuntu1.13+esm11 Available with Ubuntu Pro python2.7-minimal 2.7.17-1~18.04ubuntu1.13+esm11 Available with Ubuntu Pro python3.6 3.6.9-1~18.04ubuntu1.13+esm4 Available with Ubuntu Pro python3.6-minimal 3.6.9-1~18.04ubuntu1.13+esm4 Available with Ubuntu Pro python3.7 3.7.5-2ubuntu1~18.04.2+esm5 Available with Ubuntu Pro python3.7-minimal 3.7.5-2ubuntu1~18.04.2+esm5 Available with Ubuntu Pro python3.8 3.8.0-3ubuntu1~18.04.2+esm4 Available with Ubuntu Pro python3.8-minimal 3.8.0-3ubuntu1~18.04.2+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS python2.7 2.7.12-1ubuntu0~16.04.18+esm16 Available with Ubuntu Pro python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm16 Available with Ubuntu Pro Ubuntu 14.04 LTS python2.7 2.7.6-8ubuntu0.6+esm25 Available with Ubuntu Pro python2.7-minimal 2.7.6-8ubuntu0.6+esm25 Available with Ubuntu Pro python3.4 3.4.3-1ubuntu1~14.04.7+esm15 Available with Ubuntu Pro python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm15 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7280-2
https://ubuntu.com/security/notices/USN-7280-1
CVE-2025-0938
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7280-2
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!