Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu 14.04 LTS: Security Advisory USN-7280-3 Python 2.7 SSRF Risk

ubuntu
Calendar Grey September 29, 2025
Scroller Ubuntu
Ubuntu USN-7280-3 addresses regression in Python 2.7 affecting Ubuntu 14.04 LTS with critical SSRF threat.
USN-7280-2 introduced a regression in Python 2.7

Summary

USN-7280-2 introduced a regression in Python 2.7

Software Description:

- python2.7: An interactive high-level object-oriented language

Details:

USN-7280-2 fixed vulnerabilities in Python. It was discovered that the

fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on

Ubuntu 14.04 LTS as a result. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Python incorrectly handled parsing domain names that

included square brackets. A remote attacker could possibly use this issue

to perform a Server-Side Request Forgery (SSRF) attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libpython2.7                    2.7.6-8ubuntu0.6+esm28
                                  Available with Ubuntu Pro
  python2.7                       2.7.6-8ubuntu0.6+esm28
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7280-3

https://ubuntu.com/security/notices/USN-7280-2

https://ubuntu.com/security/notices/USN-7280-1

CVE-2024-11168, CVE-2025-0938, https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7280-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.