Home / mailings [USN-7886-2] Python vulnerabilities
Posted on 26 November 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7886-2
November 26, 2025
python3.13 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.13: An interactive high-level object-oriented language
Details:
USN-7886-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.
Original advisory details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libpython3.13 3.13.7-1ubuntu0.1
python3.13 3.13.7-1ubuntu0.1
Ubuntu 25.04
libpython3.13 3.13.3-1ubuntu0.4
python3.13 3.13.3-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7886-2
https://ubuntu.com/security/notices/USN-7886-1
CVE-2025-6075, CVE-2025-8291
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.4
--===============6320217169609297790==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
