CVE-2025-4516

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python2.7	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
python3.10	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Fixed 3.10.12-1~22.04.10
	20.04 LTS focal	Not in release
python3.11	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Fixed 3.11.0~rc1-1~22.04.1~esm4
	20.04 LTS focal	Not in release
python3.12	25.04 plucky	Not in release
	24.10 oracular	Fixed 3.12.7-1ubuntu2.1
	24.04 LTS noble	Fixed 3.12.3-1ubuntu0.6
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
python3.13	25.04 plucky	Fixed 3.13.3-1ubuntu0.1
	24.10 oracular	Needs evaluation
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
python3.14	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
python3.4	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	14.04 LTS trusty	Not affected
python3.5	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
python3.6	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Fixed 3.6.9-1~18.04ubuntu1.13+esm5
python3.7	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Fixed 3.7.5-2ubuntu1~18.04.2+esm6
python3.8	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Fixed 3.8.10-0ubuntu1~20.04.18+esm1
	18.04 LTS bionic	Fixed 3.8.0-3ubuntu1~18.04.2+esm5
python3.9	25.04 plucky	Not in release
	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Fixed 3.9.5-3ubuntu0~20.04.1+esm5

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

hlibk

Seems to have been introduced in python3.6 with commit 5646648.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
python3.12	Upstream: 4398b78
python3.13	Upstream: 6279eb8
python3.14	Upstream: 69b4387

References

Related Ubuntu Security Notices (USN)