Skip to content

DLPX-97865 Ubuntu Security Notification for Python Vulnerabilities (USN-8509-1)#399

Open
prakashsurya wants to merge 1 commit into
releasefrom
projects/cve-python3.12-usn-8509-1
Open

DLPX-97865 Ubuntu Security Notification for Python Vulnerabilities (USN-8509-1)#399
prakashsurya wants to merge 1 commit into
releasefrom
projects/cve-python3.12-usn-8509-1

Conversation

@prakashsurya

@prakashsurya prakashsurya commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Backports the Ubuntu USN-8509-1 python3.12 security update (3.12.3-1ubuntu0.15) to the release-track appliance via the misc-debs extension point. The release build (2026.4.0.0) installs 3.12.3-1ubuntu0.13, which is still vulnerable to these CVEs.

Remediates:

Changes:

  • packages/misc-debs/config.sh: five sha256-pinned debs=() entries — the python3.12 binaries the appliance installs — under a comment block naming the USN, Jira tickets, CVEs, and the Ubuntu archive source.
  • .debs uploaded to http://artifactory.delphix.com/artifactory/linux-pkg/misc-debs/:
    • libpython3.12-minimal_3.12.3-1ubuntu0.15_amd64.deb
    • libpython3.12-stdlib_3.12.3-1ubuntu0.15_amd64.deb
    • libpython3.12t64_3.12.3-1ubuntu0.15_amd64.deb
    • python3.12_3.12.3-1ubuntu0.15_amd64.deb
    • python3.12-minimal_3.12.3-1ubuntu0.15_amd64.deb

Fetched from the Ubuntu 24.04 LTS (noble) noble-security/noble-updates archive.

Test plan

  • PR check passes (make shellcheck + make shfmtcheck — both clean locally on this branch).
  • misc-debs Jenkins pre-push job resolves all five artifactory URLs with matching sha256s.
  • git-ab-pre-push builds an appliance image with 3.12.3-1ubuntu0.15 replacing 0.13; pre-checkin regression passes.
  • On a VM from the resulting image: dpkg-query -W python3.12 reports 3.12.3-1ubuntu0.15.

🤖 Generated with Claude Code

Testing Done

ab-pre-push build #14506: IN PROGRESS

…9-1)

Pin the fixed Ubuntu USN-8509-1 python3.12 binaries (3.12.3-1ubuntu0.15)
into the release appliance via misc-debs. Remediates CVE-2026-6100 (DLPX-97878),
CVE-2025-69534 (DLPX-97875), CVE-2026-4786 (DLPX-97873), CVE-2026-4224
(DLPX-97869), and CVE-2026-3644 (DLPX-97865). The release build ships
3.12.3-1ubuntu0.13.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@prakashsurya prakashsurya enabled auto-merge (squash) July 9, 2026 23:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant