Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Python.
Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
Details:
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libpython3.10 3.10.7-1ubuntu0.2 python3.10 3.10.7-1ubuntu0.2 Ubuntu 22.04 LTS: libpython3.10 3.10.6-1~22.04.2 python3.10 3.10.6-1~22.04.2 Ubuntu 20.04 LTS: libpython3.8 3.8.10-0ubuntu1~20.04.6 python3.8 3.8.10-0ubuntu1~20.04.6 Ubuntu 18.04 LTS: libpython2.7 2.7.17-1~18.04ubuntu1.10 libpython3.6 3.6.9-1~18.04ubuntu1.9 python2.7 2.7.17-1~18.04ubuntu1.10 python3.6 3.6.9-1~18.04ubuntu1.9 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5767-1
CVE-2022-37454, CVE-2022-45061
Get the latest Linux and open source security news straight to your inbox.