Monday, January 20, 2025

[USN-7219-1] Python vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeOjyIFAwAAAAAACgkQZWnYVadEvpNB
PQ/8C0xpI44hgMtbb46A6215nmJvh7V/qF5+ia+CwwGOcQOV4DZE+lvnY9LbDhKWIkIP75/m193Z
jAlh4Q7FPByufvmdVMEK3dxtsMRok7ugQTgs+7nC4wf6pPFkZUN0BSNNc8L9x3k4zX890XTqXS8g
pYVXXz3kPNe+m0WGV7oKxaz8HgzVN4zLB2sSypZdwm69cBbs92sFgl6Puv4wt2RZwKKwzE3QROUR
+GDePegWMIFb2+i8xtp7gZjPEIPsyFLEo6A8Z6RawJJFiiiYF7jLUx4IbT8zoGNouu5D9RS/Qs34
XQ1jGUYWDNnRXO/mja9ZHK45ULuaX+y3Z5fRPu3ao50g374iPzbLnk9YPDGIzj2RuA6C5RXWW7GY
nvTX5On8BV4XgX+W2oP3yN2Zy25+/EbzNp2AHFnP4S9/I1PphpljNweFqxt7Forq1Zt4vGXrNG97
WD+znybnYzAwbAe5jDxNhqMgEMh6Py29Ol4LR2n8cWaEU3FVB9mDuWSEbr5/k6vB8RUCxc6PLonq
61pKWeYFRXp+aygoTOPtQKHIuzujR9W9irZacw/w7HBJwdANFeU67CaVWCjebsxcSpoTG8C1SKd8
Dtt0o7an+a3iH1R/+H+fwUrSCssLto8G8x+UTI7iWZqEG0EZbG/fjduL43TdmV/aRJ6sb/lAEGrZ
IOc=
=sVG3
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7219-1
January 20, 2025

python3.12 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Python could be made to consume resources if it received specially crafted
network traffic.

Software Description:
- python3.12: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled asyncio write buffers. A
remote attacker could possibly use this issue to cause Python to consume
memory, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
python3.12 3.12.7-1ubuntu1.1
python3.12-minimal 3.12.7-1ubuntu1.1

Ubuntu 24.04 LTS
python3.12 3.12.3-1ubuntu0.4
python3.12-minimal 3.12.3-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7219-1
CVE-2024-12254

Package Information:
https://launchpad.net/ubuntu/+source/python3.12/3.12.7-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.4

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)