[USN-8214-1] NLTK vulnerability

========================================================================== Ubuntu Security Notice USN-8214-1 April 28, 2026 nltk vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file. Software Description: - nltk: Natural Language Toolkit Details: It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-nltk 3.8.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS python3-nltk 3.7-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-nltk 3.4.5-2ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS python-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.2.5-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS python-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-nltk 3.1-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS python-nltk 2.0~b9-0ubuntu4.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8214-1 CVE-2025-14009