Alerts This Week
Warning Icon 1 1,161
Alerts This Week
Warning Icon 1 1,161

Ubuntu 22.04 LTS: USN-7015-2 moderate: Python DoS threats

ubuntu
Calendar Grey September 19, 2024
Dist Ubuntu Esm H88
Protecting applications is crucial in programming, especially with Python. Recent Ubuntu updates address vulnerabilities like remote code execution, ensuring security.
Several security issues were fixed in Python.

Summary

Several security issues were fixed in Python.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

USN-7015-1 fixed several vulnerabilities in Python. This update provides

one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for

python3.5 for Ubuntu 16.04 LTS.

Original advisory details:

 It was discovered that Python allowed excessive backtracking while

 parsing certain tarfile headers. A remote attacker could possibly use

 this issue to cause Python to consume resources, leading to a denial

 of service. This issue only affected python3.5 for

 Ubuntu 16.04 LTS (CVE-2024-6232)

 It was discovered that the Python http.cookies module incorrectly

 handled parsing cookies that contained backslashes for quoted

 characters. A remote attacker could possibl...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service software fix ubuntu python update resource consumption

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   python2.7                       2.7.18-13ubuntu1.2+esm2
                                   Available with Ubuntu Pro
   python2.7-minimal               2.7.18-13ubuntu1.2+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   python2.7                       2.7.18-1~20.04.4+esm2
                                   Available with Ubuntu Pro
   python2.7-minimal               2.7.18-1~20.04.4+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   python2.7                       2.7.17-1~18.04ubuntu1.13+esm5
                                   Available with Ubuntu Pro
   python2.7-minimal               2.7.17-1~18.04ubuntu1.13+esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   python2.7                       2.7.12-1ubuntu0~16.04.18+esm10
                                   Available with Ubuntu Pro
   python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm10
                                   Available with Ubuntu Pro
   python3.5                       3.5.2-2ubuntu0~16.04.13+esm14
                                   Available with Ubuntu Pro
   python3.5-minimal               3.5.2-2ubuntu0~16.04.13+esm14
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7015-2

https://ubuntu.com/security/notices/USN-7015-1

  CVE-2024-6232, CVE-2024-7592

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service software fix ubuntu python update resource consumption

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here