Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.
=========================================================================
Ubuntu Security Notice USN-5767-1
December 08, 2022
python2.7, python3.10, python3.6, python3.8 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
Details:
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information,
cause a denial of service, or cause a crash.
(CVE-2022-45061)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libpython3.10 3.10.7-1ubuntu0.2
python3.10 3.10.7-1ubuntu0.2
Ubuntu 22.04 LTS:
libpython3.10 3.10.6-1~22.04.2
python3.10 3.10.6-1~22.04.2
Ubuntu 20.04 LTS:
libpython3.8 3.8.10-0ubuntu1~20.04.6
python3.8 3.8.10-0ubuntu1~20.04.6
Ubuntu 18.04 LTS:
libpython2.7 2.7.17-1~18.04ubuntu1.10
libpython3.6 3.6.9-1~18.04ubuntu1.9
python2.7 2.7.17-1~18.04ubuntu1.10
python3.6 3.6.9-1~18.04ubuntu1.9
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5767-1
CVE-2022-37454, CVE-2022-45061
Package Information:
https://launchpad.net/ubuntu/+source/python3.10/3.10.7-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04.2
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.6
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.10
https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.9