========================================================================== Ubuntu Security Notice USN-7488-1 May 06, 2025 python vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Python. Software Description: - python3.13: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.11: An interactive high-level object-oriented language - python3.9: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7, python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python2.7 and python3.9 on Ubuntu 20.04 LTS; and python2.7 and python3.11 on Ubuntu 22.04 LTS. (CVE-2024-11168) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. This issue only affected python3.4 on Ubuntu 14.04 LTS; python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python3.9 on Ubuntu 20.04 LTS; and python3.11 on Ubuntu 22.04 LTS. (CVE-2024-6232) It was discovered that Python incorrectly handled quoted path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. This issue only affected python3.4 on Ubuntu 14.04 LTS; python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python3.9 on Ubuntu 20.04 LTS; python3.11 on Ubuntu 22.04 LTS; and python3.13 on Ubuntu 24.10. (CVE-2024-9287) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10   python3.13                      3.13.0-1ubuntu0.1   python3.13-minimal              3.13.0-1ubuntu0.1   python3.13-venv                 3.13.0-1ubuntu0.1 Ubuntu 22.04 LTS   python2.7                       2.7.18-13ubuntu1.5+esm5                                   Available with Ubuntu Pro   python2.7-minimal               2.7.18-13ubuntu1.5+esm5                                   Available with Ubuntu Pro   python3.11                      3.11.0~rc1-1~22.04.1~esm2                                   Available with Ubuntu Pro   python3.11-minimal              3.11.0~rc1-1~22.04.1~esm2                                   Available with Ubuntu Pro   python3.11-venv                 3.11.0~rc1-1~22.04.1~esm2                                   Available with Ubuntu Pro Ubuntu 20.04 LTS   python2.7                       2.7.18-1~20.04.7+esm6                                   Available with Ubuntu Pro   python2.7-minimal               2.7.18-1~20.04.7+esm6                                   Available with Ubuntu Pro   python3.9                       3.9.5-3ubuntu0~20.04.1+esm3                                   Available with Ubuntu Pro   python3.9-minimal               3.9.5-3ubuntu0~20.04.1+esm3                                   Available with Ubuntu Pro   python3.9-venv                  3.9.5-3ubuntu0~20.04.1+esm3                                   Available with Ubuntu Pro Ubuntu 18.04 LTS   python2.7                       2.7.17-1~18.04ubuntu1.13+esm10                                   Available with Ubuntu Pro   python2.7-minimal               2.7.17-1~18.04ubuntu1.13+esm10                                   Available with Ubuntu Pro   python3.6                       3.6.9-1~18.04ubuntu1.13+esm3                                   Available with Ubuntu Pro   python3.6-minimal               3.6.9-1~18.04ubuntu1.13+esm3                                   Available with Ubuntu Pro   python3.6-venv                  3.6.9-1~18.04ubuntu1.13+esm3                                   Available with Ubuntu Pro   python3.7                       3.7.5-2ubuntu1~18.04.2+esm4                                   Available with Ubuntu Pro   python3.7-minimal               3.7.5-2ubuntu1~18.04.2+esm4                                   Available with Ubuntu Pro   python3.7-venv                  3.7.5-2ubuntu1~18.04.2+esm4                                   Available with Ubuntu Pro   python3.8                       3.8.0-3ubuntu1~18.04.2+esm3                                   Available with Ubuntu Pro   python3.8-minimal               3.8.0-3ubuntu1~18.04.2+esm3                                   Available with Ubuntu Pro   python3.8-venv                  3.8.0-3ubuntu1~18.04.2+esm3                                   Available with Ubuntu Pro Ubuntu 16.04 LTS   python2.7                       2.7.12-1ubuntu0~16.04.18+esm15                                   Available with Ubuntu Pro   python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm15                                   Available with Ubuntu Pro Ubuntu 14.04 LTS   python2.7                       2.7.6-8ubuntu0.6+esm24                                   Available with Ubuntu Pro   python2.7-minimal               2.7.6-8ubuntu0.6+esm24                                   Available with Ubuntu Pro   python3.4                       3.4.3-1ubuntu1~14.04.7+esm14                                   Available with Ubuntu Pro   python3.4-minimal               3.4.3-1ubuntu1~14.04.7+esm14                                   Available with Ubuntu Pro   python3.4-venv                  3.4.3-1ubuntu1~14.04.7+esm14                                   Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7488-1   CVE-2024-11168, CVE-2024-6232, CVE-2024-9287 Package Information: https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.1