[USN-7583-1] Python vulnerabilities
Posted on 19 June 2025
==========================================================================
Ubuntu Security Notice USN-7583-1
June 19, 2025
python3.13, python3.12 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Python could be made to overwrite files.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
  python3.13    3.13.3-1ubuntu0.2
Ubuntu 24.10
  python3.12    3.12.7-1ubuntu2.2
  python3.13    3.13.0-1ubuntu0.3
Ubuntu 24.04 LTS
  python3.12    3.12.3-1ubuntu0.7
In general, a standard system update will make all the necessary changes.
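An added example, not part of the notice or of Ubuntu's tooling: a check of collected package inventory (for instance the output of dpkg-query -W gathered from each host) against the fixed versions listed above, for an analysis host where dpkg --compare-versions is not available. The comparison follows Debian version ordering, and the rows in the demo are constructed.

```python
import re

# Fixed versions copied from USN-7583-1, keyed by Ubuntu VERSION_ID.
FIXED = {
    "25.04": {"python3.13": "3.13.3-1ubuntu0.2"},
    "24.10": {"python3.12": "3.12.7-1ubuntu2.2", "python3.13": "3.13.0-1ubuntu0.3"},
    "24.04": {"python3.12": "3.12.3-1ubuntu0.7"},
}

def _order(c):  # '~' sorts first, then end of string, letters, other symbols
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, left to right.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for k in range(max(len(ta), len(tb))):
            oa, ob = _order(ta[k:k + 1]), _order(tb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        a, b = a[len(ta):], b[len(tb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        na, nb = int(da or 0), int(db or 0)  # numeric, so 0.10 > 0.7
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b in Debian version order."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, package, installed):
    """True if `installed` is older than the version USN-7583-1 lists for `release`."""
    fixed = FIXED.get(release, {}).get(package)
    return fixed is not None and deb_cmp(installed, fixed) < 0

if __name__ == "__main__":
    # Constructed example rows: (VERSION_ID, package, installed version)
    for row in [("24.04", "python3.12", "3.12.3-1ubuntu0.5"),
                ("24.10", "python3.13", "3.13.0-1ubuntu0.3")]:
        print(*row, "UPDATE" if needs_update(*row) else "ok")
```

A release or package the notice does not list returns False, meaning "not covered by this notice", not "known safe".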
References:
https://ubuntu.com/security/notices/USN-7583-1
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
CVE-2025-4517
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu2.2
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.3
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.7