Ubuntu alert USN-8214-1 (nltk)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8214-1] NLTK vulnerability | |
| Date: | Tue, 28 Apr 2026 10:23:59 +0000 | |
| Message-ID: | <E1wHfbj-0007FY-7U@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8214-1 April 28, 2026 nltk vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file. Software Description: - nltk: Natural Language Toolkit Details: It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-nltk 3.8.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS python3-nltk 3.7-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-nltk 3.4.5-2ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS python-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS python-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS python-nltk 2.0~b9-0ubuntu4.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8214-1 CVE-2025-14009
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnwigQACgkQcpJm3tlz hgGG+RAAthma1774ocSzmjod4LSSL1FYfgFahVLdQRX8p0PnUbVEr3vXguBQT9eD z4/3yDn+P6wrbsSd0GnQAPAd7MJMnvzn0c5jIu1avnWtSnhKY8sn0ICQVAsNOsMs jEUopww8LXm5PBB1uqgmR8xm/yTkzMvmxxgjYWTtoOLZxR6/a4QJ8knF9ukzykhM B0F3vAw3N0rLAQ18XagN94xKfnO98UWNAznCxOw2tOLgg+or29JZz8xN25FHhqcQ f37L8e/+hbWy7DZ+YO16+ykWaoPZP0PRVnWYEV0CUPTrkdLzOFZp2d4rZpBYAnLj XsBvxKf2hpJUKo+GZuCdlKEYKEeIL7MBbaly9lTLsvcRXuS5PFSQEIwqs+yZJ4Jz IIBV9VfjJKcMFoUmjVu8aeua9x9LZvyB3gG9ey+EBt1wT8bUiRy8ajjgvKMQ4yoR xgxgDTRHDIFxDHIuUZVZhykuNzaRm0GSvmyNz09eZ9GtPD9ZDkrQgnxVUZX+LXuQ UVwAkp77pBBeaUgh5dhv8+ccl/eosGS3oWmsRTz3hPRZrfVdK9+CHVLyTXFYNgXX zX45JunmcRxQ6Qqatr8yA6yqPklgkYmfedb0VtKVpLSQjkZ4pMJXalzIGLjl030p y+BFeRJd+OOTTADEcJe2Xgt1AhMIGOMQ5/cIqB7wrIKX7Y947ME= =05Ss -----END PGP SIGNATURE-----