Sicherheit: Denial of Service in Mako

Lesezeichen hinzufügen

--===============6097609853117919825==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline

--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5625-1
September 21, 2022

mako vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Mako could be made to denial of service if it received a
specially crafted regular expression.

Software Description:
- mako: documentation for the Mako Python library

Details:

It was discovered that Mako incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
python3-mako 1.1.3+ds1-2ubuntu0.1

Ubuntu 20.04 LTS:
python-mako 1.1.0+ds1-1ubuntu2.1
python3-mako 1.1.0+ds1-1ubuntu2.1

Ubuntu 18.04 LTS:
python-mako 1.0.7+ds1-1ubuntu0.2
python3-mako 1.0.7+ds1-1ubuntu0.2

Ubuntu 16.04 ESM:
python-mako 1.0.3+ds1-1ubuntu1+esm1
python3-mako 1.0.3+ds1-1ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5625-1
CVE-2022-40023

Package Information:
https://launchpad.net/ubuntu/+source/mako/1.1.3+ds1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/mako/1.1.0+ds1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/mako/1.0.7+ds1-1ubuntu0.2

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmMrD5oACgkQRbznW4QL
H2lGMQ//SEPRNH6NlTTsTrU4K/BBEIQnAsPoqoTNIEU3/TZa7cBcAYLfOlnyf1OY
52hfAXMKf4RfxKkLj7rD8uh93aNnjBJVB/A9UkL5vV0qEIyVfVYlXZ5dkzqkvOVt
y+qkueBy0F944Y/qsn7MTXSehBI1WT+sQa9Q7wECC8PP200tZv5GCyfsnPHSTlqu
wsLQA7XMZC9rl5kGAVLX9SO++wwGS/4dMWTwrytgEdl9DV+5D2UBeIokeOlHp5la
0OxziwikskHpe+m6tFdtXTfTk5Ijlw6djpCMw1YYA2j2e2XV6Wu6A2769lI8QIgF
z66d5NbYWmIiE8o/dGU3gFxRo6Tefm53iYm+b/0XxgEUkJh58uUYLGs9xMWpcCwA
Paa8zFx2mJDYA19I9gD3IEZ6js44y4vlSsTkFOgkakidVOERpRoBgUgMrJnRQ0nO
EC9suofBnT7fVxHiRUv1zFRclrDGcF88vRfLgmOtY8jlmVRIWT+H0IdgP3AJiiIb
ZVqItipByukEAAYh64Vkr1AtAPRblOhzGhsrOCPHnoe6JWbN5npYlVpU048PX4FI
aZDANa5cY8YqGOMgqAu2WPFAPXVTyTdAa5hOjbiq5HHUKFw7WYU6PGnTn5177PY8
skQi8XGPZwHMZ701Km3jV32odHl6OwxEqIuC6GSyyvFOaBBxk8U=
=x3ZM
-----END PGP SIGNATURE-----

--gBBFr7Ir9EOA20Yy--

--===============6097609853117919825==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--===============6097609853117919825==--