
Ubuntu 18.04 LTS USN-6513-1 Critical: Python DoS And TLS Handshake

November 23, 2023
A range of Python vulnerabilities has been fixed in Ubuntu LTS releases, providing crucial patches to bolster overall security.

Summary

Several security issues were fixed in Python.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.6: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled certain plist files.
If a user or an automated system were tricked into processing a specially
crafted plist file, an attacker could possibly use this issue to consume
resources, resulting in a denial of service. (CVE-2022-48564)

It was discovered that Python instances of ssl.SSLSocket were vulnerable
to a bypass of the TLS handshake. An attacker could possibly use this
issue to cause applications to treat unauthenticated received data before
TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.17-1~18.04ubuntu1.13+esm4
   python3.6                       3.6.9-1~18.04ubuntu1.13+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.12-1ubuntu0~16.04.18+esm9
   python3.5                       3.5.2-2ubuntu0~16.04.13+esm12

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.6-8ubuntu0.6+esm18

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6513-1

  CVE-2022-48564, CVE-2023-40217

Severity
critical

Ubuntu Security Notice USN-6513-1
