Thursday, April 30, 2026

[USN-8225-1] Python marshmallow vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8225-1
April 30, 2026

python-marshmallow vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Python marshmallow.

Software Description:
- python-marshmallow: ORM/ODM/framework-agnostic library for converting
  complex datatypes.

Details:

Jared Deckard discovered that Python marshmallow did not correctly handle
hiding certain fields. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-17175)

It was discovered that Python marshmallow did not efficiently handle
merging certain objects. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2025-68480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-marshmallow             3.26.1-0.4ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-marshmallow-doc         3.26.1-0.4ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 24.04 LTS
  python3-marshmallow             3.20.1-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-marshmallow-doc         3.20.1-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-marshmallow             3.13.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-marshmallow-doc         3.13.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  python3-marshmallow             3.4.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-marshmallow-doc         3.4.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python3-marshmallow             3.0.0b3-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-marshmallow-doc         3.0.0b3-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8225-1
  CVE-2018-17175, CVE-2025-68480
