[USN-5888-1] Python vulnerabilities

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGO/60oBDADb8Iw1QscMxjlKh+9QZcJ6NQwruJEuvbH4qi6hRKJt3441GR2F
sJRcmGrQOp87R2QdMoRSaifa96QOWLVu740PVq4/ztQkoqyB7yVMxc8L986H79xL
b+pcExy4Rvn++CQyTJ2/L/QEaOzN/Rq8ZCCDLtWUwxYOwYKZCW3Hw1/Fjzs0kpz6
oNlX4jiq76tJmA7vuVCydB9FuuC7/6K7/wUZrm2sHMnQ3JSv3G2vhHI0KANyVPIB
fNGplCqGc3aSRMIJ04KVukuzVPUKeLqkfLydiwdmG/IuS4jpWGL1bSWRPds0W2Ct
/N7hFcStudDlbV36DhGdpMeDxrhLL9aRpeZQro1LGhHHAA4oadE20vk1+9JS2pQC
CjtxxWnyDsC9j5eXN8Gr61yiLorxIRzO37arPVLxFMjafrP0rAweTivWCp2C+BOm
FsNilHHr57pDQOmc3LXDqdz8qqSVHaAK0CEH3YQA5ZUnWDbjj2D8aHcvrwSAk8pl
OxFmmOns8W6p/eEAEQEAAc1BQW1pciBOYXNlcmVkaW5pIChQcml2YXRlIEVtYWls
IEFkZHJlc3MpIDxzYWhuYXNlcmVkaW5pQGdtYWlsLmNvbT7CwRQEEwEKAD4WIQQt
F2HPcpjsUaJwwPxWOD410VO4sgUCY7/sHAIbAwUJA8JnAAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAAKCRBWOD410VO4spcWDACioxx6/W7LDOkfKGx741eFLTHjeOR0
RMGL20Qd6cK4pdFjfrHU3PPBXKlZBSAT3JCcPKVE5ecu49Behqnzj4obGPJ0XBwM
hGRWeLhVQhsPmtGYy4irgXsm3+n2xbru9iq5CPobesDam6Z84OZoKDT/7XD5I8C/
ntJ8mD/+v2P4VeQ1iwvO3wAwh0zKna+Bi55mX1neLJj1T3/3+fIRnudclESE+JR0
A6309kotXRPLLse9LOzE8u3uM/zqHoJukc5G2CFbxSsdUE8MP4lQOff54vkb7NkM
hQzDDgvVKXTl5OF+gECHIeR4Dv7yjafLwt+3sDBwWK0HPaf6vvfi227G/urMKCxf
D5VWglvZfm64j0v+/apMUDtmkqw2PxFulJ8iwWA39owP0vH8jNp5YWJASOrNoDXn
nPzbvJLdy2gP59W2n038V59hH7vdA86ywmiWuP0n1pw95UjzkZiYGoaPCLrefiY9
SG5Jp3XoWVGP8mB87FfHTzccm2Dzm6pPbzHNL0FtaXIgTmFzZXJlZGluaSA8YW1p
ci5uYXNlcmVkaW5pQGNhbm9uaWNhbC5jb20+wsEXBBMBCgBBAhsDBQkDwmcABQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmO/
7aUCGQEACgkQVjg+NdFTuLJ9WQv/R0lA8yFIZGs2d6f3skai5QBeCGkBNdAatjeP
JNeFATvXbv8tNyXSJqhpQi2mVdNIq4uVdhzxzGbWrFGKcZh+aLNFe6XhqO/dupnm
fhAaCeTFmKlqU2VPbXGznIffK5s4IjEy0+6haF2mDwFokuav+JNFn9REPESQ9sJq
/zWC5LDm8ZzF0+ElPlJS3SrRG+BSx44qFASkbMMvKWj/huwplWOvjED6O8XU91Ii
ydlndFpk6xJE5cu3030R47Szn58z3iXTNWsWBgzVxy3rmr97MniOuLeAKWgK7NqE
TWE9OjG/lLEgtSP5suv/k07oufIAJtaIIjNZTTgyKZKfMaaKoekYCVMpXI6lwiLE
97nw4uQ/7hCi0TOzWVdOlRP58O3f3ATWyGrijn6c/N1CDAABgJvz6nJihS5Vkpc4
3qe8V3zgi173BbEpGcf2nOEMukBV4E4vNviFDNoKoUMNv+jxDiPPCDUJQa/oDxJ4
73KaXIIddyEUw3mqCRZlwtKhisy2zsDNBGO/60oBDACg+zE4kmu2CzeSFHEV/mSi
8P4u/MGN2Orq/pXFcpsN4fI3nsAS1qy7SfSmB8n6x8VZABRTPikznAochiFiD9U7
6tz7xsb5LWVXY+bdPzkMjsdB9UExhbARAiNaAZ1uvUI2YjD5+NVTDEuWpCyoVf7y
qfzth39p70KmdJE32PJC26+a7dV+dZKV7DM+pOH3PW0iXGaokzoO/hfWnIo4EanE
3IxtGG85E/PTxrSs0qDrOcQ9t0RLN0kCHwrjlDaAiN/amB4nx1BQLsUofripb10x
drLXdcGCPeqyNnuDKA++eGxMs4rf/gZqpriZe/c5GOZYOEWf94eyEfY7Ap3iXYhG
3bcNIKxikOY+N8i7CNuaZcFrosK6pGIgzUX3jCxjZpYYfP4CI1AcPPnqIgEWH4qQ
wmaWYNQ8gVQAnF097hKKbLozvKkg5App66v3DdDERKkB1YPPDPAXmQR9RiPUnXxQ
p89wveOLCemuROqq9hWnVTq+d9SElOipRXfY3r2xzTUAEQEAAcLA/AQYAQoAJhYh
BC0XYc9ymOxRonDA/FY4PjXRU7iyBQJjv+tKAhsMBQkDwmcAAAoJEFY4PjXRU7iy
ZSML/iIEflaHoQnViezZwZq0Jjwvy4SljggpUzKiF65aZK7VXd5JHH8J4cCOTJUy
0a4p+g7XMChLMVY8zj4GjnaQ9AG0LT9pvbDPNnFAQ37W8LgoSmaJ9oAo1wYbjoDJ
9wYsfATPveltC04LQ5ODH+R+3AkG15gBEX7lImyNSHabLedrYQUvAcWDo66C4Gwk
k7Q/GgwYteCwRYvG+Rmv1OWcjSZmqWJArk4vwdGuaEWmPsTldTgU0T1jjhny81eI
FYTwAtL175x+ScIhrVuvBpsxV2htrJCOPCPZTYPyd8sXZZgAfhjyAepWAqgONIoJ
Npog1dAZDpUCihQviQ0kzPokaPXKUCahY/hKm+nncKCOR/FB8l2iQHTC6rlDhZ4a
8DSRjElpOJ9Q94aWUuUEQ+7VnwBFFbTClwAo51ejvZ3ZKaEX6lAo4VMchQYpqb6A
FXf9+sS2VJ2HRD1wsHZ2hTLxApu16lVJphpGM90Zc81qc3uXR7fDTi6G0FDzRx0/
PrhDFw==
=grCX
-----END PGP PUBLIC KEY BLOCK-----

==========================================================================
Ubuntu Security Notice USN-5888-1
February 27, 2023

python3.9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python3.9: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2015-20107)

Hamza Avvan discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-28861)

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-37454, CVE-2022-42919)

It was discovered that Python incorrectly handled certain inputs. If a
user or an automated system were tricked into running a specially
crafted input, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-45061, CVE-2023-24329)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  python3.9                       3.9.5-3ubuntu0~20.04.1+esm1
  python3.9-minimal               3.9.5-3ubuntu0~20.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5888-1
  CVE-2015-20107, CVE-2021-28861, CVE-2022-37454, CVE-2022-42919,
  CVE-2022-45061, CVE-2023-24329

Package Information:
  https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3ubuntu0~20.04.1+esm1