USN-7583-1
- Source
- https://ubuntu.com/security/notices/USN-7583-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7583-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7583-1
- Upstream
- Related
- Published
- 2025-06-19T12:22:58.458670Z
- Modified
- 2025-10-13T04:41:32Z
- Summary
- python3.13, python3.12 vulnerabilities
- Details
-
It was discovered that Python incorrectly handled tar archive extraction with the filtering option. An attacker could possibly use this issue to modify files in arbitrary filesystem locations and cause data loss.
- References
Affected packages
Ubuntu:24.04:LTS / python3.12
Package
- Name
- python3.12
- Purl
- pkg:deb/ubuntu/python3.12@3.12.3-1ubuntu0.7?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.3-1ubuntu0.7
Affected versions
3.*
3.12.0-1
3.12.0-5
3.12.0-6
3.12.0-7
3.12.1-2
3.12.2-1
3.12.2-4build3
3.12.2-4build4
3.12.2-5ubuntu3
3.12.3-1
3.12.3-1ubuntu0.1
3.12.3-1ubuntu0.2
3.12.3-1ubuntu0.3
3.12.3-1ubuntu0.4
3.12.3-1ubuntu0.5
3.12.3-1ubuntu0.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "idle-python3.12",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "libpython3.12-dev",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "libpython3.12-minimal",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "libpython3.12-stdlib",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "libpython3.12-testsuite",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "libpython3.12t64",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-dev",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-examples",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-full",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-minimal",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-nopie",
"binary_version": "3.12.3-1ubuntu0.7"
},
{
"binary_name": "python3.12-venv",
"binary_version": "3.12.3-1ubuntu0.7"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2024-12718",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4138",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4330",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4435",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4517",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:25.04 / python3.13
Package
- Name
- python3.13
- Purl
- pkg:deb/ubuntu/python3.13@3.13.3-1ubuntu0.2?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.3-1ubuntu0.2
Affected versions
3.*
3.13.0-1
3.13.0-2
3.13.1-2
3.13.1-3
3.13.2-1
3.13.2-2
3.13.2-3
3.13.3-1
3.13.3-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "idle-python3.13",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "libpython3.13",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "libpython3.13-dev",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "libpython3.13-minimal",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "libpython3.13-stdlib",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "libpython3.13-testsuite",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-dev",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-examples",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-full",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-gdbm",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-minimal",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-nopie",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-tk",
"binary_version": "3.13.3-1ubuntu0.2"
},
{
"binary_name": "python3.13-venv",
"binary_version": "3.13.3-1ubuntu0.2"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:25.04",
"cves": [
{
"id": "CVE-2024-12718",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4138",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4330",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4435",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2025-4517",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}