Home / mailings [USN-7886-1] Python vulnerabilities
Posted on 24 November 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7886-1
November 24, 2025
python3.12, python3.11, python3.10, python3.9, python3.8, python3.7,
python3.6, python3.5, python3.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
Details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libpython3.12t64 3.12.3-1ubuntu0.9
python3.12 3.12.3-1ubuntu0.9
Ubuntu 22.04 LTS
idle-python3.11 3.11.0~rc1-1~22.04.1~esm6
Available with Ubuntu Pro
libpython3.10 3.10.12-1~22.04.12
python3.10 3.10.12-1~22.04.12
python3.11 3.11.0~rc1-1~22.04.1~esm6
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libpython3.8 3.8.10-0ubuntu1~20.04.18+esm3
Available with Ubuntu Pro
libpython3.9 3.9.5-3ubuntu0~20.04.1+esm7
Available with Ubuntu Pro
python3.8 3.8.10-0ubuntu1~20.04.18+esm3
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm7
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libpython3.6 3.6.9-1~18.04ubuntu1.13+esm7
Available with Ubuntu Pro
libpython3.7 3.7.5-2ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
libpython3.8 3.8.0-3ubuntu1~18.04.2+esm7
Available with Ubuntu Pro
python3.6 3.6.9-1~18.04ubuntu1.13+esm7
Available with Ubuntu Pro
python3.7 3.7.5-2ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm20
Available with Ubuntu Pro
python3.5 3.5.2-2ubuntu0~16.04.13+esm20
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libpython3.4 3.4.3-1ubuntu1~14.04.7+esm17
Available with Ubuntu Pro
libpython3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
Available with Ubuntu Pro
python3.4 3.4.3-1ubuntu1~14.04.7+esm17
Available with Ubuntu Pro
python3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7886-1
CVE-2025-6075, CVE-2025-8291
Package Information:
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.9
--===============1054230080485950514==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
