Monday, January 20, 2025

[USN-7218-1] Python vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeOjwsFAwAAAAAACgkQZWnYVadEvpO8
fhAAl65v2+y2Iz20JOhdcOc2ZExr8nXgJ+mTuTV9py/sqaz4hbQA9YKjHT1E7EBvOVy+/YK/UEbr
pQshX49HJ06NwgNUk7s6biaXiIASnXZ1shfx1K+F8mLNcFCIPgOudkfH5QagLWT7aswA94NpxXQY
EDQKpraj7i3gbkwtn7rUI7GFI6uPqXNAeH3yGrwtAtEDn0b1LfsEIz7UWew8pIbQ1ljQ7vanpukj
zoYRU122O+O9MoadzBYum2paTV/xftbvCHliTi6sYh7N3eoQPKSaSIVV7BE8rV1kC9I7g3GJciku
KQ0+FvNrHw5FDxI+TQbeKk57fYfpnpRMbW86Oo29mBUS2AfWSoEUicV9NGWH9aDBqnzGcjSHaN6S
w6mSRVPwxrBzwlmktzKCyzvt1UGXCrG/yCupR3ngaLY6YDr/vbj9C73/KmmqBXYU/0/+Ozy4172b
B+7yy9ORUv4/fF3qoDIR4N7rRUFgtcVbXtxH+Qx64qA6AYcOzgS7sQA+roUu2IAjQEx4rO+Um30k
08WPPDg2BMv3mMOODPp4Z4rzfKZ8RRoA8dwGz2+ILt8nXOrxbj/fdMeaQcZO4c0fbA/FPlfN+NNi
N4qZemwqyBto+/IAfVwWnhMTkflYZGeQvelvH1rhrXfCvooErfvlWZrcKYRQvI56g2ivWUaNjsHP
P4Y=
=hBL0
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7218-1
January 20, 2025

python3.10, python3.8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Python could allow Server-Side Request Forgery attacks.

Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
python3.10 3.10.12-1~22.04.8
python3.10-minimal 3.10.12-1~22.04.8

Ubuntu 20.04 LTS
python3.8 3.8.10-0ubuntu1~20.04.14
python3.8-minimal 3.8.10-0ubuntu1~20.04.14

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7218-1
CVE-2024-11168

Package Information:
https://launchpad.net/ubuntu/+source/python3.10/3.10.12-1~22.04.8
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.14

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)