Explore top 10 tips to secure your open-source projects now. Read More
×
Python could be made to denial of service if it received
a specially crafted IDNA input.
Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
Details:
USN-5767-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libpython2.7 2.7.12-1ubuntu0~16.04.18+esm3 libpython3.5 3.5.2-2ubuntu0~16.04.13+esm6 python2.7 2.7.12-1ubuntu0~16.04.18+esm3 python3.5 3.5.2-2ubuntu0~16.04.13+esm6 Ubuntu 14.04 ESM: libpython2.7 2.7.6-8ubuntu0.6+esm13 python2.7 2.7.6-8ubuntu0.6+esm13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5767-2
https://ubuntu.com/security/notices/USN-5767-1
CVE-2022-45061
Get the latest Linux and open source security news straight to your inbox.