virtualenv could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- python-virtualenv: tool to create isolated Python environments
Details:
USN-7271-1 fixed a vulnerability in virtualenv. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that virtualenv incorrectly handled paths when
activating virtual environments. An attacker could possibly use this issue
to execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04 LTS
- python3-virtualenv 20.25.0+ds-2ubuntu0.1~esm1 (Available with Ubuntu Pro)
- virtualenv 20.25.0+ds-2ubuntu0.1~esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7271-2
https://ubuntu.com/security/notices/USN-7271-1
CVE-2024-53899