========================================================================== Ubuntu Security Notice USN-7886-2 November 26, 2025
python3.13 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 Summary: Several security issues were fixed in Python. Software Description: - python3.13: An interactive high-level object-oriented language Details: USN-7886-1 fixed vulnerabilities in Python. This update provides the corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10. Original advisory details: It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. (CVE-2025-6075) Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory (EOCD) Locator record offset value. An attacker could possibly use this issue to obfuscate malicious content. (CVE-2025-8291) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libpython3.13 3.13.7-1ubuntu0.1 python3.13 3.13.7-1ubuntu0.1 Ubuntu 25.04 libpython3.13 3.13.3-1ubuntu0.4 python3.13 3.13.3-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7886-2 https://ubuntu.com/security/notices/USN-7886-1 CVE-2025-6075, CVE-2025-8291 Package Information: https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.4
signature.asc
Description: OpenPGP digital signature
