Ubuntu Security Notice USN-6780-1

Ubuntu Security Notice USN-6780-1: Posted May 21, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2024-3651; SHA-256 | bbb048cf814f6806a645c6dc9c2a5fdd98efe4048d43ea84e67590f8f5bad561; Download | Favorite | View

Ubuntu Security Notice USN-6780-1

==========================================================================
Ubuntu Security Notice USN-6780-1
May 21, 2024

python-idna vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

idna could be made to consume significant resources if it receives a specially crafted input.

Software Description:
- python-idna: Python IDNA2008 (RFC 5891) handling

Details:

Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   python3-idna                    3.6-2ubuntu0.1

Ubuntu 23.10
   python3-idna                    3.3-2ubuntu0.1

Ubuntu 22.04 LTS
   python3-idna                    3.3-1ubuntu0.1

Ubuntu 20.04 LTS
   python-idna                     2.8-1ubuntu0.1
   python3-idna                    2.8-1ubuntu0.1

Ubuntu 18.04 LTS
   pypy-idna                       2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python-idna                     2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python3-idna                    2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   pypy-idna                       2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python-idna                     2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python3-idna                    2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6780-1
   CVE-2024-3651

Package Information:
   https://launchpad.net/ubuntu/+source/python-idna/3.6-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/3.3-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/3.3-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/2.8-1ubuntu0.1

Top Authors In Last 30 Days

Red Hat 306 files
Ubuntu 80 files
Debian 15 files
Ahmet Umit Bayram 8 files
tmrswrr 4 files
Furkan Eren Tetik 4 files
Amit Roy 4 files
Jann Horn 4 files
Google Security Research 4 files
ron190 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,057)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,005)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,061)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,574)
UNIX (9,417)
UnixWare (187)
Windows (6,662)
Other

Ubuntu Security Notice USN-6780-1

Ubuntu Security Notice USN-6780-1

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6780-1

Share This

Ubuntu Security Notice USN-6780-1

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems