[USN-7527-1] libfcgi-perl vulnerability
[USN-7280-2] Python vulnerability
[USN-7528-1] SQLite vulnerabilities
[USN-7527-1] libfcgi-perl vulnerability
MIME-Version: 1.0
==========================================================================
Ubuntu Security Notice USN-7527-1
May 22, 2025
libfcgi-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
libfcgi-perl could be made to crash or execute arbitrary code.
Software Description:
- libfcgi-perl: Fast CGI module for perl
Details:
It was discovered that libfcgi-perl incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libfcgi-perl 0.79-1ubuntu0.1
Ubuntu 18.04 LTS
libfcgi-perl 0.78-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libfcgi-perl 0.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7527-1
CVE-2025-40907
Package Information:
https://launchpad.net/ubuntu/+source/libfcgi-perl/0.79-1ubuntu0.1
[USN-7280-2] Python vulnerability
==========================================================================
Ubuntu Security Notice USN-7280-2
May 22, 2025
python vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Python could allow Server-Side Request Forgery (SSRF) attacks.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python2.7: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.7: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
Details:
USN-7280-1 fixed a vulnerability in Python. This update provides the
corresponding updates for some additional Python packages in Ubuntu
releases.
Original advisory details:
It was discovered that Python incorrectly handled parsing domain names
that included square brackets. A remote attacker could possibly use
this issue to perform a Server-Side Request Forgery (SSRF) attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
python3.13 3.13.0-1ubuntu0.2
python3.13-minimal 3.13.0-1ubuntu0.2
Ubuntu 22.04 LTS
python2.7 2.7.18-13ubuntu1.5+esm6
Available with Ubuntu Pro
python2.7-minimal 2.7.18-13ubuntu1.5+esm6
Available with Ubuntu Pro
python3.11 3.11.0~rc1-1~22.04.1~esm3
Available with Ubuntu Pro
python3.11-minimal 3.11.0~rc1-1~22.04.1~esm3
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python2.7 2.7.18-1~20.04.7+esm7
Available with Ubuntu Pro
python2.7-minimal 2.7.18-1~20.04.7+esm7
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm4
Available with Ubuntu Pro
python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm4
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python2.7 2.7.17-1~18.04ubuntu1.13+esm11
Available with Ubuntu Pro
python2.7-minimal 2.7.17-1~18.04ubuntu1.13+esm11
Available with Ubuntu Pro
python3.6 3.6.9-1~18.04ubuntu1.13+esm4
Available with Ubuntu Pro
python3.6-minimal 3.6.9-1~18.04ubuntu1.13+esm4
Available with Ubuntu Pro
python3.7 3.7.5-2ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
python3.7-minimal 3.7.5-2ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm4
Available with Ubuntu Pro
python3.8-minimal 3.8.0-3ubuntu1~18.04.2+esm4
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python2.7 2.7.12-1ubuntu0~16.04.18+esm16
Available with Ubuntu Pro
python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm16
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python2.7 2.7.6-8ubuntu0.6+esm25
Available with Ubuntu Pro
python2.7-minimal 2.7.6-8ubuntu0.6+esm25
Available with Ubuntu Pro
python3.4 3.4.3-1ubuntu1~14.04.7+esm15
Available with Ubuntu Pro
python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm15
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7280-2
https://ubuntu.com/security/notices/USN-7280-1
CVE-2025-0938
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.2
[USN-7528-1] SQLite vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7528-1
May 22, 2025
sqlite3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in SQLite.
Software Description:
- sqlite3: C library that implements an SQL database engine
Details:
It was discovered that SQLite incorrectly handled the concat_ws() function.
An attacker could use this issue to cause SQLite to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-29087,
CVE-2025-3277)
It was discovered that SQLite incorrectly handled certain argument values
to sqlite3_db_config(). An attacker could use this issue to cause SQLite to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-29088)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libsqlite3-0 3.46.1-3ubuntu0.1
Ubuntu 24.10
libsqlite3-0 3.46.1-1ubuntu0.2
Ubuntu 24.04 LTS
libsqlite3-0 3.45.1-1ubuntu2.3
Ubuntu 22.04 LTS
libsqlite3-0 3.37.2-2ubuntu0.4
Ubuntu 20.04 LTS
libsqlite3-0 3.31.1-4ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7528-1
CVE-2025-29087, CVE-2025-29088, CVE-2025-3277
Package Information:
https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-3ubuntu0.1
https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/sqlite3/3.45.1-1ubuntu2.3
https://launchpad.net/ubuntu/+source/sqlite3/3.37.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/sqlite3/3.31.1-4ubuntu0.7
