Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 16.04 Python Critical Denial of Service Vulnerability USN-8524-1

ubuntu
Calendar Grey July 9, 2026
Dist Ubuntu Esm H88
A modification to Ubuntu 16.04 addressing critical Python crash risk due to input handling flaws. Updates are recommended.
Python could be made to crash if it received specially crafted input.

Summary

Python could be made to crash if it received specially crafted

input.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that Python did not use sufficient entropy for Expat

hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree

modules. An attacker could use this to cause a denial of service via a

crafted XML document.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  idle-python2.7                  2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  idle-python3.5                  3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython2.7                    2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-dev                2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-minimal            2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-stdlib             2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython2.7-testsuite          2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  libpython3.5                    3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-dev                3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-minimal            3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-stdlib             3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  libpython3.5-testsuite          3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-dev                   2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-doc                   2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-examples              2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm20
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-dev                   3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-doc                   3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-examples              3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro
  python3.5-venv                  3.5.2-2ubuntu0~16.04.13+esm23
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8524-1

CVE-2026-7210

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8524-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.