
List:       ubuntu-security-announce
Subject:    [USN-5888-1] Python vulnerabilities
From:       Amir Naseredini <amir.naseredini () canonical ! com>
Date:       2023-02-28 9:48:34
Message-ID: 41f1b6cc-8cf4-a110-69cd-ebd1e77f1830 () canonical ! com

==========================================================================
Ubuntu Security Notice USN-5888-1
February 27, 2023

python3.9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python3.9: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2015-20107)

Hamza Avvan discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-28861)

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-37454, CVE-2022-42919)

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-45061, CVE-2023-24329)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   python3.9                       3.9.5-3ubuntu0~20.04.1+esm1
   python3.9-minimal               3.9.5-3ubuntu0~20.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5888-1
   CVE-2015-20107, CVE-2021-28861, CVE-2022-37454, CVE-2022-42919,
   CVE-2022-45061, CVE-2023-24329

Package Information:
   https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3ubuntu0~20.04.1+esm1



