Setuptools could be made to crash if it received specially crafted input.
Software Description:
- python-setuptools: Python Distutils Enhancements
- setuptools: Python Distutils Enhancements
Details:
Sebastian Chnelik discovered that setuptools incorrectly handled
certain regex inputs. An attacker could possibly use this issue
to cause a denial of service.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: pypy-setuptools 44.1.1-1.2ubuntu0.22.10.1 python-setuptools 44.1.1-1.2ubuntu0.22.10.1 python3-setuptools 59.6.0-1.2ubuntu0.22.10.1 Ubuntu 22.04 LTS: pypy-setuptools 44.1.1-1.2ubuntu0.22.04.1 python-setuptools 44.1.1-1.2ubuntu0.22.04.1 python3-setuptools 59.6.0-1.2ubuntu0.22.04.1 Ubuntu 20.04 LTS: pypy-setuptools 44.0.0-2ubuntu0.1 python-setuptools 44.0.0-2ubuntu0.1 python3-setuptools 45.2.0-1ubuntu0.1 Ubuntu 18.04 LTS: pypy-setuptools 39.0.1-2ubuntu0.1 python-setuptools 39.0.1-2ubuntu0.1 python3-setuptools 39.0.1-2ubuntu0.1 Ubuntu 16.04 ESM: pypy-setuptools 20.7.0-1ubuntu0.1~esm1 python-setuptools 20.7.0-1ubuntu0.1~esm1 python3-setuptools 20.7.0-1ubuntu0.1~esm1 Ubuntu 14.04 ESM: python-setuptools 3.3-1ubuntu2+esm1 python3-setuptools 3.3-1ubuntu2+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5817-1
CVE-2022-40897
Get the latest Linux and open source security news straight to your inbox.