Packages
- python3.13 - An interactive high-level object-oriented language
Details
USN-7886-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.
Original advisory details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
USN-7886-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.
Original advisory details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.10 questing | libpython3.13 – 3.13.7-1ubuntu0.1 | ||
| python3.13 – 3.13.7-1ubuntu0.1 | |||
| 25.04 plucky | libpython3.13 – 3.13.3-1ubuntu0.4 | ||
| python3.13 – 3.13.3-1ubuntu0.4 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.