Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Ubuntu 16.04 ESM USN-5767-2 Moderate: Python Denial Of Service

ubuntu
Calendar Grey December 8, 2022
Dist Ubuntu Esm H88
Patch for Python DDoS vulnerability on Ubuntu 14.04 and 16.04 ESM. Ensure your systems are updated for enhanced security.
Python could be made to denial of service if it received a specially crafted IDNA input.

Summary

Python could be made to denial of service if it received

a specially crafted IDNA input.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

USN-5767-1 fixed a vulnerability in Python. This update provides

the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain IDNA inputs.

An attacker could possibly use this issue to expose sensitive information

denial of service, or cause a crash.

(CVE-2022-45061)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libpython2.7                    2.7.12-1ubuntu0~16.04.18+esm3
  libpython3.5                    3.5.2-2ubuntu0~16.04.13+esm6
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm3
  python3.5                       3.5.2-2ubuntu0~16.04.13+esm6

Ubuntu 14.04 ESM:
  libpython2.7                    2.7.6-8ubuntu0.6+esm13
  python2.7                       2.7.6-8ubuntu0.6+esm13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5767-2

https://ubuntu.com/security/notices/USN-5767-1

CVE-2022-45061

December 08, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.