Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.04 LTS USN-7015-3 critical: python denial of service

ubuntu
Calendar Grey October 1, 2024
Dist Ubuntu Esm H88
Updates for Python 2.7 and Python 3.5 within Ubuntu tackle various security flaws, significantly improving overall system safety and efficiency.
Python could be made to bypass some restrictions if it received specially crafted input.

Summary

Python could be made to bypass some restrictions if it received specially

crafted input.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

USN-7015-1 fixed several vulnerabilities in Python. This update provides

the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04

LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for

python3.5 in Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email

addresses that contain special characters. A remote attacker could

possibly use this issue to bypass certain protection mechanisms.

(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing

certain tarfile headers. A remote attacker could possibly use this issue

to cause Python to consume resources, leading to a denial of ser...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python2.7                       2.7.18-13ubuntu1.2+esm3
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.18-13ubuntu1.2+esm3
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  python2.7                       2.7.18-1~20.04.4+esm3
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.18-1~20.04.4+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python2.7                       2.7.17-1~18.04ubuntu1.13+esm6
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.17-1~18.04ubuntu1.13+esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm11
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm11
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.13+esm15
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.13+esm15
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7015-3

https://ubuntu.com/security/notices/USN-7015-2

https://ubuntu.com/security/notices/USN-7015-1

CVE-2023-27043

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7015-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here