Ubuntu Linux has issued two critical security updates addressing vulnerabilities in the Tornado and Twig frameworks as outlined in the security notices USN-7547-1 and USN-7549-1, respectively, dated June 02, 2025.
Tornado Vulnerability (USN-7547-1)
The Tornado update addresses a security flaw in the Python Tornado web server, which could lead to excessive resource consumption when processing maliciously crafted HTTP requests. This vulnerability could potentially result in a denial of service (DoS) attack. Affected versions include:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
To mitigate this issue, users should update to the following package versions:
- Ubuntu 25.04: `python3-tornado 6.4.2-1ubuntu0.25.04.1`
- Ubuntu 24.10: `python3-tornado 6.4.1-2ubuntu0.2`
- Ubuntu 24.04 LTS: `python3-tornado 6.4.0-1ubuntu0.2`
- Ubuntu 22.04 LTS: `python3-tornado 6.1.0-3ubuntu0.1~esm2` (available with Ubuntu Pro)
A standard system update is recommended to apply these changes.
Twig Vulnerability (USN-7549-1)
The Twig update addresses a vulnerability in the PHP Twig template engine that could expose sensitive information if a specially crafted file is opened. This flaw affects:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Affected users should update to:
- Ubuntu 24.10: `php-twig 3.8.0-3ubuntu1`
- Ubuntu 24.04 LTS: `php-twig 3.8.0-2ubuntu1`
Similar to the Tornado update, a standard system update will suffice to correct this vulnerability.
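To confirm that a host or an inventory export is at or above the fixed versions listed above, the following added example (not part of the Ubuntu notices) compares an installed version string with the fixed one using a pure-Python implementation of Debian version ordering, so it runs on an audit host without dpkg. The function names and the release keys in the table are assumptions of this example; the ordering matters because a suffix such as `~esm2` sorts before the same version without it.

```python
import re
# Fixed versions per release, copied from the lists above (USN-7547-1, USN-7549-1).
FIXED = {
    ("25.04", "python3-tornado"): "6.4.2-1ubuntu0.25.04.1",
    ("24.10", "python3-tornado"): "6.4.1-2ubuntu0.2",
    ("24.04", "python3-tornado"): "6.4.0-1ubuntu0.2",
    ("22.04", "python3-tornado"): "6.1.0-3ubuntu0.1~esm2",  # Ubuntu Pro
    ("24.10", "php-twig"): "3.8.0-3ubuntu1",
    ("24.04", "php-twig"): "3.8.0-2ubuntu1",
}

def _order(c):
    # dpkg character weight: '~' < end of string or digit < letters < other symbols
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (by weight) and digit runs (numerically).
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return -1 if ac < bc else 1
            a, b = a[1:], b[1:]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):  # [epoch:]upstream[-revision]; a missing epoch counts as 0
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(v1, v2):
    """Return -1, 0 or 1 following Debian version ordering."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, package, installed):
    """True if installed sorts before the fixed version; None if the pair is not listed."""
    fixed = FIXED.get((release, package))
    return None if fixed is None else deb_compare(installed, fixed) < 0
```

Feed it the release from `VERSION_ID` in `/etc/os-release` and the installed version reported by the package manager; a `None` result means the page lists no fixed version for that release and package.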
Recommendations
Users of affected Ubuntu versions are strongly encouraged to apply these updates promptly to ensure the security and stability of their systems. Regular updates and patches are essential in maintaining software integrity and protection against potential threats. For further details and references, users can consult the provided links to the official Ubuntu security notices and package information.
Tornado and Twig updates for Ubuntu
Ubuntu Linux has received two security updates for Tornado and Twig:
[USN-7547-1] Tornado vulnerability
[USN-7549-1] Twig vulnerability