Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.10: USN-5817-1 Critical: Python-Setuptools Denial Of Service

ubuntu
Calendar Grey January 23, 2023
Dist Ubuntu Esm H88
In January 2023, Ubuntu Security Notice USN-5817-1 revealed critical vulnerabilities in python-setuptools, prompting users to update to prevent crashes and instability
Setuptools could be made to crash if it received specially crafted input.

Summary

Setuptools could be made to crash if it received specially crafted input.

Software Description:

- python-setuptools: Python Distutils Enhancements

- setuptools: Python Distutils Enhancements

Details:

Sebastian Chnelik discovered that setuptools incorrectly handled

certain regex inputs. An attacker could possibly use this issue

to cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   pypy-setuptools                 44.1.1-1.2ubuntu0.22.10.1
   python-setuptools               44.1.1-1.2ubuntu0.22.10.1
   python3-setuptools              59.6.0-1.2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   pypy-setuptools                 44.1.1-1.2ubuntu0.22.04.1
   python-setuptools               44.1.1-1.2ubuntu0.22.04.1
   python3-setuptools              59.6.0-1.2ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   pypy-setuptools                 44.0.0-2ubuntu0.1
   python-setuptools               44.0.0-2ubuntu0.1
   python3-setuptools              45.2.0-1ubuntu0.1

Ubuntu 18.04 LTS:
   pypy-setuptools                 39.0.1-2ubuntu0.1
   python-setuptools               39.0.1-2ubuntu0.1
   python3-setuptools              39.0.1-2ubuntu0.1

Ubuntu 16.04 ESM:
   pypy-setuptools                 20.7.0-1ubuntu0.1~esm1
   python-setuptools               20.7.0-1ubuntu0.1~esm1
   python3-setuptools              20.7.0-1ubuntu0.1~esm1

Ubuntu 14.04 ESM:
   python-setuptools               3.3-1ubuntu2+esm1
   python3-setuptools              3.3-1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5817-1

  CVE-2022-40897

Severity
critical
Lowest
Low
Medium
High
Critical

January 23, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here