==========================================================================
Ubuntu Security Notice USN-7951-1
January 12, 2026

python3.8, python3.9, python3.10, python3.11, python3.12, python3.13,
python3.14 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Python could be made to crash if it received specially crafted network
traffic.

Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.14: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language

Details:

It was discovered that Python's http.client did not properly handle the
Content-Length header in HTTP responses. A malicious server could exploit
this to cause Python to allocate excessive memory, leading to a denial of
service.
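
For code that calls http.client directly, the following added example (not part of the Ubuntu notice or of CPython) caps how much of a response body the caller buffers, whatever size the server declares. It supplements the package update and does not replace it. The names read_capped, BodyTooLarge and response_from_bytes are hypothetical, and the sample responses are constructed.

```python
import http.client
import io

class BodyTooLarge(Exception):
    """The response body exceeds the caller's size budget."""

def read_capped(resp, max_bytes, chunk_size=64 * 1024):
    """Return the body of an HTTPResponse, buffering at most max_bytes."""
    # Refuse up front when the declared size is already over budget.
    declared = resp.getheader("Content-Length")
    try:
        if declared is not None and int(declared) > max_bytes:
            raise BodyTooLarge(f"declared {declared} bytes, cap {max_bytes}")
    except ValueError:
        pass  # unparsable header: fall through and count bytes instead
    chunks, total = [], 0
    while True:
        # Always pass an explicit amount, never a bare read(). Each request is
        # at most chunk_size, or the remaining budget plus one byte.
        chunk = resp.read(min(chunk_size, max_bytes - total + 1))
        if not chunk:
            return b"".join(chunks)
        total += len(chunk)
        if total > max_bytes:
            raise BodyTooLarge(f"body exceeds cap of {max_bytes} bytes")
        chunks.append(chunk)

class _ConstructedSocket:
    """Stand-in socket so constructed responses parse without a network."""
    def __init__(self, raw):
        self._raw = raw
    def makefile(self, *args, **kwargs):
        return io.BytesIO(self._raw)

def response_from_bytes(raw):
    """Build an HTTPResponse from raw bytes (helper for the samples below)."""
    resp = http.client.HTTPResponse(_ConstructedSocket(raw))
    resp.begin()  # parse the status line and headers
    return resp

if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    honest = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
    inflated = b"HTTP/1.1 200 OK\r\nContent-Length: 1000000000000\r\n\r\nx"
    print(read_capped(response_from_bytes(honest), max_bytes=1024))
    try:
        read_capped(response_from_bytes(inflated), max_bytes=1024)
    except BodyTooLarge as exc:
        print("rejected:", exc)
```

With a real connection, pass the object returned by HTTPConnection.getresponse() to read_capped in place of the constructed response.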

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libpython3.13                   3.13.7-1ubuntu0.2
  libpython3.14                   3.14.0-1ubuntu0.1
  python3.13                      3.13.7-1ubuntu0.2
  python3.14                      3.14.0-1ubuntu0.1

Ubuntu 25.04
  libpython3.13                   3.13.3-1ubuntu0.5
  python3.13                      3.13.3-1ubuntu0.5

Ubuntu 24.04 LTS
  libpython3.12t64                3.12.3-1ubuntu0.10
  python3.12                      3.12.3-1ubuntu0.10

Ubuntu 22.04 LTS
  libpython3.10                   3.10.12-1~22.04.13
  libpython3.11                   3.11.0~rc1-1~22.04.1~esm7
                                  Available with Ubuntu Pro
  python3.10                      3.10.12-1~22.04.13
  python3.11                      3.11.0~rc1-1~22.04.1~esm7
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libpython3.8                    3.8.10-0ubuntu1~20.04.18+esm4
                                  Available with Ubuntu Pro
  libpython3.9                    3.9.5-3ubuntu0~20.04.1+esm8
                                  Available with Ubuntu Pro
  python3.8                       3.8.10-0ubuntu1~20.04.18+esm4
                                  Available with Ubuntu Pro
  python3.9                       3.9.5-3ubuntu0~20.04.1+esm8
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libpython3.8                    3.8.0-3ubuntu1~18.04.2+esm8
                                  Available with Ubuntu Pro
  python3.8                       3.8.0-3ubuntu1~18.04.2+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7951-1
  CVE-2025-13836

Package Information:
  https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/python3.14/3.14.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.5
  https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.10
