USN-7951-1: Python vulnerability | Ubuntu security notices

Packages

python3.10 - An interactive high-level object-oriented language
python3.11 - An interactive high-level object-oriented language
python3.12 - An interactive high-level object-oriented language
python3.13 - An interactive high-level object-oriented language
python3.14 - An interactive high-level object-oriented language
python3.8 - An interactive high-level object-oriented language
python3.9 - An interactive high-level object-oriented language

Details

It was discovered that Python's http.client did not properly handle the
Content-Length header in HTTP responses. A malicious server could exploit
this to cause Python to allocate excessive memory, leading to a denial of
service.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
25.10 questing	libpython3.13 – 3.13.7-1ubuntu0.2
	libpython3.14 – 3.14.0-1ubuntu0.1
	python3.13 – 3.13.7-1ubuntu0.2
	python3.14 – 3.14.0-1ubuntu0.1
25.04 plucky	libpython3.13 – 3.13.3-1ubuntu0.5
25.04 plucky	python3.13 – 3.13.3-1ubuntu0.5
24.04 LTS noble	libpython3.12t64 – 3.12.3-1ubuntu0.10
24.04 LTS noble	python3.12 – 3.12.3-1ubuntu0.10
22.04 LTS jammy	libpython3.10 – 3.10.12-1~22.04.13
	libpython3.11 – 3.11.0~rc1-1~22.04.1~esm7
	python3.10 – 3.10.12-1~22.04.13
	python3.11 – 3.11.0~rc1-1~22.04.1~esm7
20.04 LTS focal	libpython3.8 – 3.8.10-0ubuntu1~20.04.18+esm4
	libpython3.9 – 3.9.5-3ubuntu0~20.04.1+esm8
	python3.8 – 3.8.10-0ubuntu1~20.04.18+esm4
	python3.9 – 3.9.5-3ubuntu0~20.04.1+esm8
18.04 LTS bionic	libpython3.8 – 3.8.0-3ubuntu1~18.04.2+esm8
18.04 LTS bionic	python3.8 – 3.8.0-3ubuntu1~18.04.2+esm8

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2025-13836

CVE-2025-13836