Ubuntu 22.10, 22.04 LTS USN-5960-1 Moderate: Python Bypass Threat
Mar 20, 2023
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Python could be made to bypass blocklisting methods if a specially crafted URL was provided.
=========================================================================Ubuntu Security Notice USN-5960-1 March 16, 2023 python2.7, python3.10, python3.5, python3.6, python3.8 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Python could be made to bypass blocklisting methods if a specially crafted URL was provided. Software Description: - python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Details: Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: python3.10 3.10.7-1ubuntu0.3 Ubuntu 22.04 LTS: python3.10 3.10.6-1~22.04.2ubuntu1 Ubuntu 20.04 LTS: python3.8 3.8.10-0ubuntu1~20.04.7 Ubuntu 18.04 LTS: python2.7 2.7.17-1~18.04ubuntu1.11 python3.6 3.6.9-1~18.04ubuntu1.12 Ubuntu 16.04 ESM: python2.7 2.7.12-1ubuntu0~16.04.18+esm4 python3.5 3.5.2-2ubuntu0~16.04.13+esm7 Ubuntu 14.04 ESM: python2.7 2.7.6-8ubuntu0.6+esm14 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5960-1 CVE-2023-24329 Package Information: https://launchpad.net/ubuntu/+source/python3.10/3.10.7-1ubuntu0.3 https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04.2ubuntu1 https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.7 https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.11 https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.12
PREVIOUS
NEXT
Ubuntu 22.10, 22.04 LTS USN-5960-1 Moderate: Python Bypass Threat
ubuntu
March 20, 2023
Python could be made to bypass blocklisting methods if a specially crafted URL was provided.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: python3.10 3.10.7-1ubuntu0.3 Ubuntu 22.04 LTS: python3.10 3.10.6-1~22.04.2ubuntu1 Ubuntu 20.04 LTS: python3.8 3.8.10-0ubuntu1~20.04.7 Ubuntu 18.04 LTS: python2.7 2.7.17-1~18.04ubuntu1.11 python3.6 3.6.9-1~18.04ubuntu1.12 Ubuntu 16.04 ESM: python2.7 2.7.12-1ubuntu0~16.04.18+esm4 python3.5 3.5.2-2ubuntu0~16.04.13+esm7 Ubuntu 14.04 ESM: python2.7 2.7.6-8ubuntu0.6+esm14 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5960-1
CVE-2023-24329
Severity
important
Lowest
Low
Medium
High
Critical
March 16, 2023
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/python3.10/3.10.7-1ubuntu0.3 https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04.2ubuntu1 https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.7 https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.11 https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.12
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!