USN-7951-1: Python vulnerability

USN-7951-1: Python vulnerability

Publication date: 12 January 2026
Overview:Python could be made to crash if it received specially crafted network traffic.

Packages

• python3.10 - An interactive high-level object-oriented language
• python3.11 - An interactive high-level object-oriented language
• python3.12 - An interactive high-level object-oriented language
• python3.13 - An interactive high-level object-oriented language
• python3.14 - An interactive high-level object-oriented language
• python3.8 - An interactive high-level object-oriented language
• python3.9 - An interactive high-level object-oriented language

Details
It was discovered that Python’s http.client did not properly handle the
Content-Length header in HTTP responses. A malicious server could exploit
this to cause Python to allocate excessive memory, leading to a denial of
service.

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

25.10 questing

• libpython3.13 – 3.13.7-1ubuntu0.2
• libpython3.14 – 3.14.0-1ubuntu0.1
• python3.13 – 3.13.7-1ubuntu0.2
• python3.14 – 3.14.0-1ubuntu0.1

25.04 plucky

• libpython3.13 – 3.13.3-1ubuntu0.5
• python3.13 – 3.13.3-1ubuntu0.5

24.04 LTS noble

• libpython3.12t64 – 3.12.3-1ubuntu0.10
• python3.12 – 3.12.3-1ubuntu0.10

22.04 LTS jammy

• libpython3.10 – 3.10.12-1~22.04.13
• libpython3.11 – 3.11.0~rc1-1~22.04.1~esm7
• python3.10 – 3.10.12-1~22.04.13
• python3.11 – 3.11.0~rc1-1~22.04.1~esm7

20.04 LTS focal

• libpython3.8 – 3.8.10-0ubuntu1~20.04.18+esm4
• libpython3.9 – 3.9.5-3ubuntu0~20.04.1+esm8
• python3.8 – 3.8.10-0ubuntu1~20.04.18+esm4
• python3.9 – 3.9.5-3ubuntu0~20.04.1+esm8

18.04 LTS bionic

• libpython3.8 – 3.8.0-3ubuntu1~18.04.2+esm8
• python3.8 – 3.8.0-3ubuntu1~18.04.2+esm8