Ubuntu Security Notice USN-5960-1

Ubuntu Security Notice USN-5960-1: Posted Mar 20, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.; tags | advisory, python; systems | linux, ubuntu; advisories | CVE-2023-24329; SHA-256 | 727432be8aaebcbbf1e8da1308a8110c3c6dc6fb3ff312a8e8e10aae1adc194b; Download | Favorite | View

Ubuntu Security Notice USN-5960-1

==========================================================================
Ubuntu Security Notice USN-5960-1
March 16, 2023

python2.7, python3.10, python3.5, python3.6, python3.8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Python could be made to bypass blocklisting methods if a specially
crafted URL was provided.

Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language

Details:

Yebo Cao discovered that Python incorrectly handled certain URLs.
An attacker could possibly use this issue to bypass blocklisting
methods by supplying a URL that starts with blank characters.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  python3.10                      3.10.7-1ubuntu0.3

Ubuntu 22.04 LTS:
  python3.10                      3.10.6-1~22.04.2ubuntu1

Ubuntu 20.04 LTS:
  python3.8                       3.8.10-0ubuntu1~20.04.7

Ubuntu 18.04 LTS:
  python2.7                       2.7.17-1~18.04ubuntu1.11
  python3.6                       3.6.9-1~18.04ubuntu1.12

Ubuntu 16.04 ESM:
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm4
  python3.5                       3.5.2-2ubuntu0~16.04.13+esm7

Ubuntu 14.04 ESM:
  python2.7                       2.7.6-8ubuntu0.6+esm14

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5960-1
  CVE-2023-24329

Package Information:
  https://launchpad.net/ubuntu/+source/python3.10/3.10.7-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04.2ubuntu1
  https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.7
  https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.11
  https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.12

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Ubuntu Security Notice USN-5960-1

Ubuntu Security Notice USN-5960-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-5960-1

Share This

Ubuntu Security Notice USN-5960-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems