Not a user yet?
Log in Register for free Suggest a product
Update

USN-7927-3: urllib3 regression

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7927-3: urllib3 regression

Publication date:13 January 2026
Overview: USN-7927-1 introduced a regression in urllib3

Packages
python-urllib3 - HTTP library with thread-safe connection pooling

Details
USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471
introduced a regression in urllib3 when decompressing zstd data. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
An attacker could possibly use this issue to cause urllib3 to use
excessive resources, causing a denial of service. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional
security update in the brotli package.

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

  • 25.10 questing python3-urllib3 – 2.3.0-3ubuntu0.4
  • 25.04 plucky python3-urllib3 – 2.3.0-2ubuntu0.5
  • 24.04 LTS noble python3-urllib3 – 2.0.7-1ubuntu0.6
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad