USN-7583-1
- Source
- https://ubuntu.com/security/notices/USN-7583-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7583-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7583-1
- Related
- Published
- 2025-06-19T12:22:58.458670Z
- Modified
- 2025-06-19T12:22:58.458670Z
- Summary
- python3.13, python3.12 vulnerabilities
- Details
-
It was discovered that Python incorrectly handled tar archive extraction with the filtering option. An attacker could possibly use this issue to modify files in arbitrary filesystem locations and cause data loss.
- References
Affected packages
Ubuntu:24.10 / python3.12
Package
- Name
- python3.12
- Purl
- pkg:deb/ubuntu/python3.12@3.12.7-1ubuntu2.2?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.7-1ubuntu2.2
Affected versions
3.*
3.12.3-1
3.12.4-1
3.12.4-1ubuntu1
3.12.5-1
3.12.5-4
3.12.6-1
3.12.7-0ubuntu1
3.12.7-1
3.12.7-1ubuntu1
3.12.7-1ubuntu1.1
3.12.7-1ubuntu2
3.12.7-1ubuntu2.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "idle-python3.12"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12-dev"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12-minimal"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12-stdlib"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12-testsuite"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12t64"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "libpython3.12t64-dbg"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-dbg"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-dev"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-doc"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-examples"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-full"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-gdbm"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-minimal"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-nopie"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-tk"
},
{
"binary_version": "3.12.7-1ubuntu2.2",
"binary_name": "python3.12-venv"
}
],
"availability": "No subscription required"
}
Ubuntu:24.10 / python3.13
Package
- Name
- python3.13
- Purl
- pkg:deb/ubuntu/python3.13@3.13.0-1ubuntu0.3?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.0-1ubuntu0.3
Affected versions
3.*
3.13.0~b4-1
3.13.0~rc1-1
3.13.0~rc1-4
3.13.0~rc2-1
3.13.0~rc3-0ubuntu1
3.13.0~rc3-1
3.13.0-1
3.13.0-1ubuntu0.1
3.13.0-1ubuntu0.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "idle-python3.13"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13-dbg"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13-dev"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13-minimal"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13-stdlib"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "libpython3.13-testsuite"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-dbg"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-dev"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-doc"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-examples"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-full"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-gdbm"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-minimal"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-nopie"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-tk"
},
{
"binary_version": "3.13.0-1ubuntu0.3",
"binary_name": "python3.13-venv"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / python3.12
Package
- Name
- python3.12
- Purl
- pkg:deb/ubuntu/python3.12@3.12.3-1ubuntu0.7?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.12.3-1ubuntu0.7
Affected versions
3.*
3.12.0-1
3.12.0-5
3.12.0-6
3.12.0-7
3.12.1-2
3.12.2-1
3.12.2-4build3
3.12.2-4build4
3.12.2-5ubuntu3
3.12.3-1
3.12.3-1ubuntu0.1
3.12.3-1ubuntu0.2
3.12.3-1ubuntu0.3
3.12.3-1ubuntu0.4
3.12.3-1ubuntu0.5
3.12.3-1ubuntu0.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "idle-python3.12"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12-dev"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12-minimal"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12-stdlib"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12-testsuite"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12t64"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "libpython3.12t64-dbg"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-dbg"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-dev"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-doc"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-examples"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-full"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-minimal"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-nopie"
},
{
"binary_version": "3.12.3-1ubuntu0.7",
"binary_name": "python3.12-venv"
}
],
"availability": "No subscription required"
}
Ubuntu:25.04 / python3.13
Package
- Name
- python3.13
- Purl
- pkg:deb/ubuntu/python3.13@3.13.3-1ubuntu0.2?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.3-1ubuntu0.2
Affected versions
3.*
3.13.0-1
3.13.0-2
3.13.1-2
3.13.1-3
3.13.2-1
3.13.2-2
3.13.2-3
3.13.3-1
3.13.3-1ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "idle-python3.13"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13-dbg"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13-dev"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13-minimal"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13-stdlib"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "libpython3.13-testsuite"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-dbg"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-dev"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-doc"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-examples"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-full"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-gdbm"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-minimal"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-nopie"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-tk"
},
{
"binary_version": "3.13.3-1ubuntu0.2",
"binary_name": "python3.13-venv"
}
],
"availability": "No subscription required"
}