==========================================================================
Ubuntu Security Notice USN-8524-1
July 09, 2026

python2.7, python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Python could be made to crash if it received specially crafted
input.

Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that Python did not use sufficient entropy for Expat
hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree
modules. An attacker could use this to cause a denial of service via a
crafted XML document.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  idle-python2.7                  2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  idle-python3.5                  3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython2.7                    2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-dev                2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-minimal            2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-stdlib             2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-testsuite          2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython3.5                    3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-dev                3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-minimal            3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-stdlib             3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-testsuite          3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-dev                   2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-doc                   2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-examples              2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-dev                   3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-doc                   3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-examples              3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-venv                  3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8524-1
  CVE-2026-7210

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to