python-virtualenv could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- python-virtualenv: Python virtual environment creator
Details:
It was discovered that virtualenv incorrectly handled paths when activating
virtual environments. An attacker could possibly use this issue to execute
arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS python3-virtualenv 20.13.0+ds-2ubuntu0.1~esm1 Available with Ubuntu Pro virtualenv 20.13.0+ds-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-virtualenv 20.0.17-1ubuntu0.4+esm1 Available with Ubuntu Pro virtualenv 20.0.17-1ubuntu0.4+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7271-1
CVE-2024-53899
Get the latest Linux and open source security news straight to your inbox.