=========================================================================
Ubuntu Security Notice USN-7583-1
June 19, 2025

python3.13, python3.12 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Python could be made to overwrite files.

Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3.13                      3.13.3-1ubuntu0.2

Ubuntu 24.10
  python3.12                      3.12.7-1ubuntu2.2
  python3.13                      3.13.0-1ubuntu0.3

Ubuntu 24.04 LTS
  python3.12                      3.12.3-1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7583-1
  CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
  CVE-2025-4517

Package Information:
  https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.7