Python could be made to overwrite files.
Software Description:
- python3.13: An interactive high-level object-oriented language
- python3.12: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled tar archive extraction
with the filtering option. An attacker could possibly use this issue to
modify files in arbitrary filesystem locations and cause data loss.
The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
- python3.13 3.13.3-1ubuntu0.2

Ubuntu 24.10
- python3.12 3.12.7-1ubuntu2.2
- python3.13 3.13.0-1ubuntu0.3

Ubuntu 24.04 LTS
- python3.12 3.12.3-1ubuntu0.7

In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7583-1
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435,
CVE-2025-4517