[USN-7567-1] ModSecurity vulnerabilities
[USN-7570-1] Python vulnerabilities
[USN-7536-2] cifs-utils regression
[USN-7568-1] Requests vulnerabilities
[USN-7569-1] Dojo vulnerabilities
[USN-7555-2] Django vulnerability
[USN-7571-1] c3p0 vulnerability
[USN-7567-1] ModSecurity vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7567-1
June 13, 2025
modsecurity-apache vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ModSecurity.
Software Description:
- modsecurity-apache: Tighten web applications security for Apache
Details:
Simon Studer discovered that ModSecurity incorrectly handled certain
JSON objects. An attacker could possibly use this issue to cause a denial
of service. (CVE-2025-47947)
It was discovered that ModSecurity incorrectly handled requests when
parsing certain form data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-48866)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libapache2-mod-security2 2.9.8-1.1ubuntu0.1
Ubuntu 24.10
libapache2-mod-security2 2.9.7-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
libapache2-mod-security2 2.9.7-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libapache2-mod-security2 2.9.5-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libapache2-mod-security2 2.9.3-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libapache2-mod-security2 2.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libapache2-mod-security2 2.9.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
libapache2-modsecurity 2.9.0-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libapache2-mod-security2 2.7.7-2ubuntu0.1~esm2
Available with Ubuntu Pro
libapache2-modsecurity 2.7.7-2ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7567-1
CVE-2025-47947, CVE-2025-48866
Package Information:
https://launchpad.net/ubuntu/+source/modsecurity-apache/2.9.8-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/modsecurity-apache/2.9.7-1ubuntu0.24.10.1
[USN-7570-1] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7570-1
June 16, 2025
python3.13, python3.12, python3.11, python3.10, python3.9, python3.8,
python3.7, python3.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash or expose sensitive information.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.7: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain unicode
characters during decoding. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-4516)
It was discovered that Python incorrectly handled unicode encoding of email
headers with list separators in folded lines. An attacker could possibly
use this issue to expose sensitive information. (CVE-2025-1795)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libpython3.13 3.13.3-1ubuntu0.1
libpython3.13-minimal 3.13.3-1ubuntu0.1
python3.13 3.13.3-1ubuntu0.1
python3.13-minimal 3.13.3-1ubuntu0.1
Ubuntu 24.10
libpython3.12-minimal 3.12.7-1ubuntu2.1
libpython3.12t64 3.12.7-1ubuntu2.1
python3.12 3.12.7-1ubuntu2.1
python3.12-minimal 3.12.7-1ubuntu2.1
Ubuntu 24.04 LTS
libpython3.12-minimal 3.12.3-1ubuntu0.6
libpython3.12t64 3.12.3-1ubuntu0.6
python3.12 3.12.3-1ubuntu0.6
python3.12-minimal 3.12.3-1ubuntu0.6
Ubuntu 22.04 LTS
libpython3.10 3.10.12-1~22.04.10
libpython3.10-minimal 3.10.12-1~22.04.10
libpython3.11 3.11.0~rc1-1~22.04.1~esm4
Available with Ubuntu Pro
libpython3.11-minimal 3.11.0~rc1-1~22.04.1~esm4
Available with Ubuntu Pro
python3.10 3.10.12-1~22.04.10
python3.10-minimal 3.10.12-1~22.04.10
python3.11 3.11.0~rc1-1~22.04.1~esm4
Available with Ubuntu Pro
python3.11-minimal 3.11.0~rc1-1~22.04.1~esm4
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libpython3.8 3.8.10-0ubuntu1~20.04.18+esm1
Available with Ubuntu Pro
libpython3.8-minimal 3.8.10-0ubuntu1~20.04.18+esm1
Available with Ubuntu Pro
libpython3.9 3.9.5-3ubuntu0~20.04.1+esm5
Available with Ubuntu Pro
libpython3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm5
Available with Ubuntu Pro
python3.8 3.8.10-0ubuntu1~20.04.18+esm1
Available with Ubuntu Pro
python3.8-minimal 3.8.10-0ubuntu1~20.04.18+esm1
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm5
Available with Ubuntu Pro
python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm5
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libpython3.6 3.6.9-1~18.04ubuntu1.13+esm5
Available with Ubuntu Pro
libpython3.6-minimal 3.6.9-1~18.04ubuntu1.13+esm5
Available with Ubuntu Pro
libpython3.7 3.7.5-2ubuntu1~18.04.2+esm6
Available with Ubuntu Pro
libpython3.7-minimal 3.7.5-2ubuntu1~18.04.2+esm6
Available with Ubuntu Pro
libpython3.8 3.8.0-3ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
libpython3.8-minimal 3.8.0-3ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
python3.6 3.6.9-1~18.04ubuntu1.13+esm5
Available with Ubuntu Pro
python3.6-minimal 3.6.9-1~18.04ubuntu1.13+esm5
Available with Ubuntu Pro
python3.7 3.7.5-2ubuntu1~18.04.2+esm6
Available with Ubuntu Pro
python3.7-minimal 3.7.5-2ubuntu1~18.04.2+esm6
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
python3.8-minimal 3.8.0-3ubuntu1~18.04.2+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7570-1
CVE-2025-1795, CVE-2025-4516
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu2.1
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.6
[USN-7536-2] cifs-utils regression
==========================================================================
Ubuntu Security Notice USN-7536-2
June 16, 2025
cifs-utils regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
USN-7536-1 introduced a regression in cifs-utils.
Software Description:
- cifs-utils: Common Internet File System utilities
Details:
USN-7536-1 fixed vulnerabilities in cifs-utils. This update introduced a
regression in certain environments. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that cifs-utils incorrectly handled namespaces when
obtaining Kerberos credentials. An attacker could possibly use this issue
to obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
cifs-utils 2:7.2-2ubuntu0.1
Ubuntu 24.10
cifs-utils 2:7.0-2.1ubuntu0.2
Ubuntu 24.04 LTS
cifs-utils 2:7.0-2ubuntu0.2
Ubuntu 22.04 LTS
cifs-utils 2:6.14-1ubuntu0.3
Ubuntu 20.04 LTS
cifs-utils 2:6.9-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7536-2
https://ubuntu.com/security/notices/USN-7536-1
https://launchpad.net/bugs/2112614, https://launchpad.net/bugs/2113906
Package Information:
https://launchpad.net/ubuntu/+source/cifs-utils/2:7.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/cifs-utils/2:7.0-2.1ubuntu0.2
https://launchpad.net/ubuntu/+source/cifs-utils/2:7.0-2ubuntu0.2
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.14-1ubuntu0.3
https://launchpad.net/ubuntu/+source/cifs-utils/2:6.9-1ubuntu0.4
[USN-7568-1] Requests vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7568-1
June 16, 2025
requests vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Requests.
Software Description:
- requests: elegant and simple HTTP library for Python
Details:
Dennis Brinkrolf and Tobias Funke discovered that Requests did not
correctly handle certain HTTP headers. A remote attacker could possibly
use this issue to leak sensitive information. This issue only affected
Ubuntu 14.04 LTS. (CVE-2023-32681)
Juho ForsΓ©n discovered that Requests did not correctly parse URLs. A
remote attacker could possibly use this issue to leak sensitive
information. (CVE-2024-47081)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-requests 2.32.3+dfsg-4ubuntu1.1
Ubuntu 24.10
python3-requests 2.32.3+dfsg-1ubuntu1.1
Ubuntu 24.04 LTS
python3-requests 2.31.0+dfsg-1ubuntu1.1
Ubuntu 22.04 LTS
python3-requests 2.25.1+dfsg-2ubuntu0.3
Ubuntu 20.04 LTS
python3-requests 2.22.0-2ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.18.4-2ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
python3-requests 2.9.1-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python-requests-whl 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
python3-requests 2.2.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7568-1
CVE-2023-32681, CVE-2024-47081
Package Information:
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3
[USN-7569-1] Dojo vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7569-1
June 16, 2025
dojo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Dojo.
Software Description:
- dojo: Modular JavaScript library
Details:
It was discovered that Dojo did not correctly handle DataGrids. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-15494)
It was discovered that Dojo was vulnerable to prototype pollution. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-23450)
Jonathan Leitschuh discovered that Dojo did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2019-10785, CVE-2020-4051)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libjs-dojo-core 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dijit 1.15.4+dfsg1-1ubuntu0.1
libjs-dojo-dojox 1.15.4+dfsg1-1ubuntu0.1
shrinksafe 1.15.4+dfsg1-1ubuntu0.1
Ubuntu 20.04 LTS
libjs-dojo-core 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
shrinksafe 1.15.0+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libjs-dojo-core 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dijit 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-dojo-dojox 1.10.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7569-1
CVE-2018-15494, CVE-2019-10785, CVE-2020-4051, CVE-2021-23450
Package Information:
https://launchpad.net/ubuntu/+source/dojo/1.15.4+dfsg1-1ubuntu0.1
[USN-7555-2] Django vulnerability
==========================================================================
Ubuntu Security Notice USN-7555-2
June 16, 2025
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Django could be made to log injection if received specially
crafted input.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete.
This update applies an additional patch to fix it properly.
Original advisory details:
It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-django 3:4.2.18-1ubuntu1.3
Ubuntu 24.10
python3-django 3:4.2.15-1ubuntu1.6
Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.9
Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.20
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7555-2
https://ubuntu.com/security/notices/USN-7555-1
https://launchpad.net/bugs/2113924
Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.6
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.9
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.20
[USN-7571-1] c3p0 vulnerability
==========================================================================
Ubuntu Security Notice USN-7571-1
June 16, 2025
c3p0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
c3p0 could be made to crash if it opened a specially crafted file.
Software Description:
- c3p0: JDBC Connection pooling library
Details:
Aaron Massey discovered that c3p0 could be made to crash when parsing
certain input. An attacker able to modify the applicationβs XML
configuration file could possibly use this issue to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libc3p0-java 0.9.1.2-9+deb8u1ubuntu0.14.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7571-1
CVE-2019-5427
