|
|
Log in / Subscribe / Register

Ubuntu alert USN-7916-2 (python-apt)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7916-2] python-apt regression


Date:
              Fri, 16 Jan 2026 05:50:50 +0000


Message-ID:
              <E1vgcjS-0006AS-2X@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7916-2
January 15, 2026

python-apt regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-7916-1 introduced a regression in python-apt

Software Description:
- python-apt: Python interface to libapt-pkg

Details:

USN-7916-1 fixed a vulnerability in python-apt. The update had a
PEP 440 incompatible version. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Julian Andres Klode discovered that python-apt incorrectly handled
 deb822 configuration files. An attacker could use this issue to cause
 python-apt to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  python-apt                      2.0.1ubuntu0.20.04.2esm2
                                  Available with Ubuntu Pro
  python-apt-common               2.0.1ubuntu0.20.04.2esm2
                                  Available with Ubuntu Pro
  python-apt-dev                  2.0.1ubuntu0.20.04.2esm2
                                  Available with Ubuntu Pro
  python-apt-doc                  2.0.1ubuntu0.20.04.2esm2
                                  Available with Ubuntu Pro
  python3-apt                     2.0.1ubuntu0.20.04.2esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7916-2
  https://ubuntu.com/security/notices/USN-7916-1
  CVE-2025-6966, https://bugs.launchpad.net/bugs/2137070




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlpwWIACgkQcpJm3tlz
hgH76RAA0BcF/7OuQKH37R3EBL+YBitqMUEN8+myAhKH76qpDXy0etR9DCeN327s
vFestFkw1Urltogm3NldTKE13WB9RWk9UfJL0pFFj2UeTtQ+6DY31vUDbERyM+EK
p9EaeVe8G3TYyh3h7RjC0A8VqRsz/a2iGZ2MgM9n7UQXwHYdJwY8sCCZnNeJsfDK
ejvLiyPUJNBtf2UIetYLh82jvJvD5lED77/D0kgFkziai70X9U5bto8l2rVfdt0j
LAYZxgC33Wy8MNd7mEnQukik0SHp3Y72cmFHaN9x4Gdupe+gIcAqVxMXSgcZmfn8
LG0Ptj9mcKGLhThyYX36Es/20aFjUIQNdVMePMSzi5+8/Kz+ZSdteeHfw5bo99kG
2l2o0Z6ZK2DcCTmPI5JfqBqrr9UJuNSaLUezZ/vWbcUCc3YzOepDIVvux4lrkDLz
xMKnxiFGCm+SwedPSuVcZ6o53dQdoNAS6PV4kTa3fLtZ1tYD2hPUcOMSUzzt75uS
N4jwJQuRwvluymZL6FNhslDg/+PfJWavFHCsF8atpvRe9GJLE6WisL3pqqO3vKyK
3zeI8ZJ9JEjNb97wgYQCqi4iaVb8CsTieuSlxxcAwUAPdlKpTkzC+Q5565cJhkLI
UhqXGKCQjne42j0KLQcU4bgvXiEGK5D1ig/4Rt03OecjrOvY4sM=
=HXSQ
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds