SecurityHome.eu [USN-7951-1] Python vulnerability

Home / mailings PDF

[USN-7951-1] Python vulnerability
Posted on 12 January 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-7951-1
January 12, 2026

python3.8, python3.9, python3.10, python3.11, python3.12, python3.13,
python3.14 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Python could be made to crash if it received specially crafted network
traffic.

Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.14: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language

Details:

It was discovered that Python's http.client did not properly handle the
Content-Length header in HTTP responses. A malicious server could exploit
this to cause Python to allocate excessive memory, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libpython3.13 3.13.7-1ubuntu0.2
libpython3.14 3.14.0-1ubuntu0.1
python3.13 3.13.7-1ubuntu0.2
python3.14 3.14.0-1ubuntu0.1

Ubuntu 25.04
libpython3.13 3.13.3-1ubuntu0.5
python3.13 3.13.3-1ubuntu0.5

Ubuntu 24.04 LTS
libpython3.12t64 3.12.3-1ubuntu0.10
python3.12 3.12.3-1ubuntu0.10

Ubuntu 22.04 LTS
libpython3.10 3.10.12-1~22.04.13
libpython3.11 3.11.0~rc1-1~22.04.1~esm7
Available with Ubuntu Pro
python3.10 3.10.12-1~22.04.13
python3.11 3.11.0~rc1-1~22.04.1~esm7
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libpython3.8 3.8.10-0ubuntu1~20.04.18+esm4
Available with Ubuntu Pro
libpython3.9 3.9.5-3ubuntu0~20.04.1+esm8
Available with Ubuntu Pro
python3.8 3.8.10-0ubuntu1~20.04.18+esm4
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm8
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libpython3.8 3.8.0-3ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm8
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7951-1
CVE-2025-13836

Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.14/3.14.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.5
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.10

--===============5106028759251639185==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20