[prev in list] [next in list] [prev in thread] [next in thread]
List: ubuntu-security-announce
Subject: [USN-5888-1] Python vulnerabilities
From: Amir Naseredini <amir.naseredini () canonical ! com>
Date: 2023-02-28 9:48:34
Message-ID: 41f1b6cc-8cf4-a110-69cd-ebd1e77f1830 () canonical ! com
[Download RAW message or body]
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
[Attachment #2 (multipart/mixed)]
[Attachment #4 (multipart/mixed)]
[Attachment #6 (multipart/alternative)]
[Attachment #8 (text/plain)]
==========================================================================
Ubuntu Security Notice USN-5888-1
February 27, 2023
python3.9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.9: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2015-20107)
Hamza Avvan discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-28861)
It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-37454, CVE-2022-42919)
It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-45061, CVE-2023-24329)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
python3.9 3.9.5-3ubuntu0~20.04.1+esm1
python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5888-1
<https://ubuntu.com/security/notices/USN-5888-1>
CVE-2015-20107, CVE-2021-28861, CVE-2022-37454, CVE-2022-42919,
CVE-2022-45061, CVE-2023-24329
Package Information:
https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3ubuntu0~20.04.1+esm1
<https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3ubuntu0~20.04.1+esm1>
[Attachment #9 (text/html)]
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="gmail_quote">==============================<wbr>==============================<wbr>==============<br>
Ubuntu Security Notice USN-5888-1<br>
February 27, 2023<br>
<br>
python3.9 vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 20.04 LTS<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in Python.<br>
<br>
Software Description:<br>
- python3.9: An interactive high-level object-oriented language<br>
<br>
Details:<br>
<br>
It was discovered that Python incorrectly handled certain inputs.
If a<br>
user or an automated system were tricked into opening a specially<br>
crafted input file, a remote attacker could possibly use this
issue to<br>
execute arbitrary code. (CVE-2015-20107)<br>
<br>
Hamza Avvan discovered that Python incorrectly handled certain
inputs. If a<br>
user or an automated system were tricked into running a specially<br>
crafted input, a remote attacker could possibly use this issue to
execute<br>
arbitrary code. (CVE-2021-28861)<br>
<br>
It was discovered that Python incorrectly handled certain inputs.
If a<br>
user or an automated system were tricked into running a specially<br>
crafted input, a remote attacker could possibly use this issue to
execute<br>
arbitrary code. (CVE-2022-37454, CVE-2022-42919)<br>
<br>
It was discovered that Python incorrectly handled certain inputs.
If a<br>
user or an automated system were tricked into running a specially<br>
crafted input, a remote attacker could possibly use this issue to
cause a<br>
denial of service. (CVE-2022-45061, CVE-2023-24329)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 20.04 LTS:<br>
python3.9 3.9.5-3ubuntu0~20.04.1+esm1<br>
python3.9-minimal 3.9.5-3ubuntu0~20.04.1+esm1<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<span> </span><a
href="https://ubuntu.com/security/notices/USN-5888-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices \
/USN-5888-1&source=gmail&ust=1677662844818000&usg=AOvVaw2f3-D77CHLrZG0ZjTBHv_v"
style="color: rgb(17, 85, \
204);">https://ubuntu.com/security/no<wbr>tices/USN-5888-1</a><br>
CVE-2015-20107, CVE-2021-28861, CVE-2022-37454, CVE-2022-42919,<br>
CVE-2022-45061, CVE-2023-24329<br>
<br>
Package Information:<br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3ubuntu0~20.04.1+esm1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsou \
rce/python3.9/3.9.5-3ubuntu0~20.04.1%2Besm1&source=gmail&ust=1677662844818000&usg=AOvVaw0kY1Mc9eqBlCJfmvlNFIqX"
style="color: rgb(17, 85, \
204);">https://launchpad.net/ubuntu/+<wbr>source/python3.9/3.9.5-3ubuntu<wbr>0~20.04.1+esm1</a><br>
</div>
<br clear="all">
<div><br style="color: rgb(34, 34, 34); font-family: Arial,
Helvetica, sans-serif; font-size: small; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); text-decoration-thickness: initial; text-decoration-style:
initial; text-decoration-color: initial;">
<br>
</div>
<p></p>
</body>
</html>
["OpenPGP_0x56383E35D153B8B2.asc" (application/pgp-keys)]
["OpenPGP_signature.asc" (application/pgp-signature)]
[Attachment #12 (unknown)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic