0

Python 3 versions prior to February 16, 2021 have a vulnerability (CVE-2021-3177). I see that the current version of python3.7 on Ubuntu 18.04 is 3.7.5. The CVE is fixed in Python 3.7.10.

How is this usually handled? Will Ubuntu usually create a new package with Python 3.7.10 that has the fix, or do users normally compile from source or use pyenv if they want the latest version?

sighol
  • Fixes are usually back-ported for stable releases, unless it's more work to back-port the fix than to upgrade the package to the later version (as recently occurred with a Thunderbird package for a stable release; warnings went out about this). You can use https://people.canonical.com/~ubuntu-security/cve/ to look up fixes for various CVEs – guiverc Feb 23 '21 at 22:51

1 Answer

3

So long as you installed a package through one of Canonical's official channels and are running a supported release of Ubuntu (or are part of the Extended Support program), they take care of updates. You will not need to do anything beyond sudo apt upgrade. That said, some updates may take longer than others depending on the severity of the issue.

You can find specific information about CVE-2021-3177 on the security website, including which versions have the bug and the status of the update.
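
One way to confirm that a backported fix has reached an installed package, as an added example that is not part of the original answer. The script name `check-cve.sh` and the function names are hypothetical, and it assumes the package ships its changelog at `/usr/share/doc/<pkg>/changelog.Debian.gz`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). A backported fix leaves the
# upstream version (e.g. 3.7.5) unchanged, so look for the CVE in the
# package changelog instead of comparing upstream version numbers.

# Print a changelog whether it is gzip-compressed or plain text.
read_changelog() {
    if gzip -t "$1" 2>/dev/null; then gzip -dc "$1"; else cat "$1"; fi
}

# fixed_in_version CVE FILE
# Prints the oldest package version whose changelog entry mentions CVE
# (entries are newest-first, so the last match is where the fix landed).
# Returns 1 if no entry mentions it.
fixed_in_version() {
    read_changelog "$2" | awk -v cve="$1" '
        /^[^ \t]+ \(.*\) / { ver = $2; gsub(/[()]/, "", ver) }  # entry header
        index($0, cve)     { found = ver }
        END { if (found == "") exit 1; print found }'
}

# check_package PKG CVE [CHANGELOG]
# CHANGELOG defaults to the path where Debian/Ubuntu packages normally ship
# it (assumption: the package's doc directory exists on this system).
check_package() {
    local pkg="$1" cve="$2" installed ver
    local log="${3:-/usr/share/doc/$pkg/changelog.Debian.gz}"
    installed=$(dpkg-query -W -f='${Version}' "$pkg") || return 2
    if ver=$(fixed_in_version "$cve" "$log"); then
        echo "$pkg $installed: $cve addressed in package version $ver"
    else
        echo "$pkg $installed: no changelog entry for $cve"
        return 1
    fi
}

# Usage: ./check-cve.sh python3.7 CVE-2021-3177
if [ "$#" -ge 2 ]; then check_package "$@"; fi
```

The changelog shipped inside an Ubuntu package can be truncated to recent entries; `apt changelog <pkg>` fetches the full one if an older CVE does not show up.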