Ubuntu alert USN-7583-1 (python3.13, python3.12)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-7583-1] Python vulnerabilities
Date: Thu, 19 Jun 2025 18:13:03 +0000
Message-ID: <E1uSJl1-0007hO-Av@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7583-1
June 19, 2025

python3.13, python3.12 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Python could be made to overwrite files.

Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3.13                      3.13.3-1ubuntu0.2

Ubuntu 24.10
  python3.12                      3.12.7-1ubuntu2.2
  python3.13                      3.13.0-1ubuntu0.3

Ubuntu 24.04 LTS
  python3.12                      3.12.3-1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7583-1
  CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
  CVE-2025-4517

Package Information:
  https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1u...
  https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1u...
  https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1u...
  https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1u...