Wednesday, November 29, 2023

[USN-6524-1] PyPy vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmVnd3UACgkQZWnYVadE
vpNc7A/6AjkozDtf3lOlYbYBYQE4W76UaQAX2+a9LbQyD1amYcOJCdNMLpx0sO4r
TkR60niTQEK3Ju2HhTe4JVhKmwDE0OD06bWuKqdYMaG8U16Yya15orF4QW+aKY/F
9ew7nXbkMrC1Ywnzlp/sB6quTeMUIupB6AGuDvwNWYEe++uqVSseBVTixGSFHbwl
pF6oy3tq7DdUzkxVobd+SX0cGFg6n49znhAqALgNYb7QWUxWv380uSBjOzguMCT9
oNZ0xbIRxGZJNbPcFL/QO8pgJ3Y/nPykj2iKR7QnwglJELAXlBINxM+Y4Am8qilZ
auqQsgVHPvABnCV1Pxal3yqiELmLBza2zvzBSMe6IoUs3oIuSYSH/pqs8LaCke3V
QamMoAbRu0yssdLVuuwyS1sEP6fQ9DBeBIayXUuvxNspaE7epbvHk/byAbUxUkp1
RFnWvnk1JnrfMkYNme18TeW6ImhT6Vu9PJPnfW74UqqkCmic/UShx1IAy3lVWARk
vriqllFXbxPh+XkPgDUshG3VslXWtrhXHG7GWYIHaf1SMi/XXl4azXghKASMXe7t
9G9YDdAE+pJdnUhaROy+IRiPmJuPfQXRkNcdzKqbtHcZzrkqSpgeAtdshLUJAa0U
wtC3THtocuEtmF4NIi68/hboytGwcOLfEOlEYMcyMsI1mB8AZyI=
=v78h
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6524-1
November 29, 2023

pypy3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

PyPy could be made to crash or run programs if it received specially
crafted data.

Software Description:
- pypy3: fast alternative implementation of Python 3.x

Details:

Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3
operations. An attacker could possibly use this issue to cause PyPy to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
pypy3 7.3.9+dfsg-1ubuntu0.1

Ubuntu 20.04 LTS:
pypy3 7.3.1+dfsg-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6524-1
CVE-2022-37454

Package Information:
https://launchpad.net/ubuntu/+source/pypy3/7.3.9+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/pypy3/7.3.1+dfsg-4ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)