Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu 24.04 LTS: urllib3 Important DoS Vulnerabilities USN-7927-1

Calendar Dec 11, 2025 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important python urllib3
Several security issues were fixed in urllib3. 
==========================================================================
Ubuntu Security Notice USN-7927-1
December 11, 2025

python-urllib3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in urllib3.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
An attacker could possibly use this issue to cause urllib3 to use excessive
resources, causing a denial of service. This issue only affected Ubuntu
24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional
security update in the brotli package.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.1

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.2

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.3

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.4

Ubuntu 20.04 LTS
  python3-urllib3                 1.25.8-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7927-1
  CVE-2025-66418, CVE-2025-66471

Package Information:
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.4

Ubuntu 24.04 LTS: urllib3 Important DoS Vulnerabilities USN-7927-1

ubuntu
Calendar Grey December 11, 2025
Dist Ubuntu Esm H88
Several security issues in urllib3 for Ubuntu distributions fixed. Update necessary for continuous protection against risks.
Several security issues were fixed in urllib3.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in urllib3. Software Description: - python-urllib3: HTTP library with thread-safe connection pooling Details: Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418) Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471) For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important python urllib3

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-urllib3 2.3.0-3ubuntu0.1 Ubuntu 25.04 python3-urllib3 2.3.0-2ubuntu0.2 Ubuntu 24.04 LTS python3-urllib3 2.0.7-1ubuntu0.3 Ubuntu 22.04 LTS python3-urllib3 1.26.5-1~exp1ubuntu0.4 Ubuntu 20.04 LTS python3-urllib3 1.25.8-2ubuntu0.4+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7927-1

CVE-2025-66418, CVE-2025-66471

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7927-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important python urllib3

Package Information

https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.1 https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.2 https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.3 https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here