Ubuntu 14.04 LTS: Security Advisory USN-7280-3 Python 2.7 SSRF Risk
ubuntu
September 29, 2025
USN-7280-2 introduced a regression in Python 2.7
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: USN-7280-2 introduced a regression in Python 2.7 Software Description: - python2.7: An interactive high-level object-oriented language Details: USN-7280-2 fixed vulnerabilities in Python. It was discovered that the fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on Ubuntu 14.04 LTS as a result. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS libpython2.7 2.7.6-8ubuntu0.6+esm28 Available with Ubuntu Pro python2.7 2.7.6-8ubuntu0.6+esm28 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7280-3
https://ubuntu.com/security/notices/USN-7280-2
https://ubuntu.com/security/notices/USN-7280-1
CVE-2024-11168, CVE-2025-0938, https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7280-3
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!