Home / mailings [USN-8524-1] Python vulnerability
Posted on 09 July 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8524-1
July 09, 2026
python2.7, python3.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Python could be made to crash if it received specially crafted
input.
Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
Details:
It was discovered that Python did not use sufficient entropy for Expat
hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree
modules. An attacker could use this to cause a denial of service via a
crafted XML document.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
idle-python2.7 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
idle-python3.5 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
libpython2.7-dev 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
libpython2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
libpython2.7-stdlib 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
libpython2.7-testsuite 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
libpython3.5-dev 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
libpython3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
libpython3.5-stdlib 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
libpython3.5-testsuite 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
python2.7-dev 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
python2.7-doc 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
python2.7-examples 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm20
Available with Ubuntu Pro
python3.5 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python3.5-dev 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python3.5-doc 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python3.5-examples 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
python3.5-venv 3.5.2-2ubuntu0~16.04.13+esm23
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8524-1
CVE-2026-7210
--===============2078268061593671713==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
