|
|
Log in / Subscribe / Register

Ubuntu alert USN-7989-1 (python-internetarchive)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7989-1] The Internet Archive Python Library vulnerability


Date:
              Wed, 04 Feb 2026 02:34:08 +0000


Message-ID:
              <E1vnSiW-0001Lr-EK@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7989-1
February 02, 2026

python-internetarchive vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

The Internet Archive Python Library would allow unintended access to files.

Software Description:
- python-internetarchive: A Python and Command-Line Interface to Archive.org

Details:

Pengo Wray discovered that The Internet Archive Python Library incorrectly
handled certain file paths when downloading files. An attacker could
possibly use this issue to write files to arbitrary locations on the file
system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  internetarchive                 5.4.0-1ubuntu0.1
  python3-internetarchive         5.4.0-1ubuntu0.1

Ubuntu 24.04 LTS
  internetarchive                 3.5.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-internetarchive         3.5.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  internetarchive                 1.9.9-1ubuntu0.1
  python3-internetarchive         1.9.9-1ubuntu0.1

Ubuntu 20.04 LTS
  internetarchive                 1.9.0-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-internetarchive         1.9.0-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7989-1
  CVE-2025-58438

Package Information:
  https://launchpad.net/ubuntu/+source/python-internetarchi...
  https://launchpad.net/ubuntu/+source/python-internetarchi...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmCr7UACgkQcpJm3tlz
hgF8dg//ctf5D2HByqGD+kqR/XvjzeSo5J38HL6paK29fQvUU5umwadf2YIueiqS
Pwcw6f52ww3hmbdNSCKl7emRs9LeR/Su4p1jgh7RgUwTwIYShrPJ6TJfsaCZbvdJ
oaf9mQT83Q2LfTCIrk3tYjg+d2Xlv2uhLBLoveD/leilN8mnRKTWPGmAedNE9LtB
+nc2hBDkwo62O++ww9qIO5h8ylCz556u6BW5qGOWarn8dyslvcL5o4B6FxQWfEB/
NpXGSUdyhUj8ytzQhYbJoUP2GscOEwk8SbThDVcFIFBe46KEcOC5zfrtF+/0Qlz+
E128OPDCvrS8iT8nco5c9Vu3LyWFjEw7jrCwdZtw3wsgW98zv9RQYl5hYdMc07wK
FoIbPWOUPxXOKga/A5hRnjr4UAwnhZsi/lCqTYCOGVDJ6Q5EXrY6NC4dlsnHb2np
nvnDK1HzbOuoBSQBxdfkJF7tzyca5U0vSN9yygdMpO5vCS9XEGEmUE4kh1g7ig35
TxTz8lqffgrC/0eiSIxEtHyWa0CIhbkDpLiPinnzWV6NPkBjcuCGGhoHk46Bpkhd
WPOeU5OcuaMo/OqZy13BCOUnF6e4rJ8FvzgeEjxUM+btfp33SwpQAe84DeGK1pGy
1hXFbA0tmUasrYya3CgxcdkGRamNQybO950WjUpUgw0Hre3pGxg=
=ouUS
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds