Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Ubuntu 24.04 LTS: urllib3 Important DoS Vulnerabilities USN-7927-1

ubuntu
Calendar Grey December 11, 2025
Dist Ubuntu Esm H88
Several security issues in urllib3 for Ubuntu distributions fixed. Update necessary for continuous protection against risks.
Several security issues were fixed in urllib3.

Summary

Several security issues were fixed in urllib3.

Software Description:

- python-urllib3: HTTP library with thread-safe connection pooling

Details:

Illia Volochii discovered that urllib3 did not limit the steps in a

decompression chain. An attacker could possibly use this issue to cause

urllib3 to use excessive resources, causing a denial of service.

(CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data.

An attacker could possibly use this issue to cause urllib3 to use excessive

resources, causing a denial of service. This issue only affected Ubuntu

24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional

security update in the brotli package.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.1

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.2

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.3

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.4

Ubuntu 20.04 LTS
  python3-urllib3                 1.25.8-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7927-1

CVE-2025-66418, CVE-2025-66471

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7927-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here