Home / mailingsPDF  

[USN-7599-1] urllib3 vulnerabilities

Posted on 26 June 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7599-1
June 25, 2025

python-urllib3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

urllib3 could be made to expose sensitive information over the network.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

Jacob Sandum discovered that urllib3 handled redirects even when they were
explicitly disabled while using the PoolManager. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2025-50181)

Illia Volochii discovered that urllib3 incorrectly handled retry and
redirect parameters when using Node.js. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
25.04. (CVE-2025-50182)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
python3-urllib3 2.3.0-2ubuntu0.1

Ubuntu 24.10
python3-urllib3 2.0.7-2ubuntu0.2

Ubuntu 24.04 LTS
python3-urllib3 2.0.7-1ubuntu0.2

Ubuntu 22.04 LTS
python3-urllib3 1.26.5-1~exp1ubuntu0.3

Ubuntu 20.04 LTS
python3-urllib3 1.25.8-2ubuntu0.4+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-urllib3 1.22-1ubuntu0.18.04.2+esm3
Available with Ubuntu Pro
python3-urllib3 1.22-1ubuntu0.18.04.2+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-urllib3 1.13.1-2ubuntu0.16.04.4+esm3
Available with Ubuntu Pro
python3-urllib3 1.13.1-2ubuntu0.16.04.4+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7599-1
CVE-2025-50181, CVE-2025-50182

Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-2ubuntu0.2
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.3

--===============7589605305946727634==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :