Home / mailings [USN-8379-1] urllib3 vulnerabilities
Posted on 03 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8379-1
June 03, 2026
python-urllib3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in urllib3.
Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling
Details:
It was discovered that urllib3 incorrectly handled cross-origin redirects
in ProxyManager. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-44431)
It was discovered that urllib3 incorrectly handled decompression of
specially crafted responses. A remote attacker could possibly use this
issue to cause urllib3 to consume resources, leading to a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
python3-urllib3 2.6.3-1ubuntu1.1
Ubuntu 25.10
python3-urllib3 2.3.0-3ubuntu0.6
Ubuntu 24.04 LTS
python3-urllib3 2.0.7-1ubuntu0.7
Ubuntu 22.04 LTS
python3-urllib3 1.26.5-1~exp1ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8379-1
CVE-2026-44431, CVE-2026-44432
Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/2.6.3-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.6
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.7
https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.7
--===============5261886058062125473==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
