
Security: Insufficient input validation in Python
Name: Insufficient input validation in Python
ID: USN-6941-1
Distribution: Ubuntu
Platforms: Ubuntu 24.04 LTS
Date: Fri, August 2, 2024, 06:27
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032
Applications: Python

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <7804700e-8bc0-4684-8e58-0f024f3b696b@canonical.com>
Subject: [USN-6941-1] Python vulnerability

==========================================================================
Ubuntu Security Notice USN-6941-1
August 01, 2024

python3.12 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Python could allow unintended access to network services.

Software Description:
- python3.12: An interactive high-level object-oriented language

Details:

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3.12 3.12.3-1ubuntu0.1
python3.12-minimal 3.12.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6941-1
CVE-2024-4032

Package Information:
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.1
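
The Details section says applications may apply incorrect security policies when they trust the ipaddress module's classification. The following is an added example, not part of the advisory or of Python's own code: an egress check that denies by an explicit block list first and uses the module only as a second layer. The function names are hypothetical and the block list is a constructed subset of the IANA special-purpose registries.

```python
import ipaddress

# Constructed subset of the IANA IPv4/IPv6 special-purpose registries
# (assumption: extend it from the registries before production use).
NON_GLOBAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "240.0.0.0/4", "::/128", "::1/128",
    "64:ff9b:1::/48", "2001:db8::/32", "fc00::/7", "fe80::/10",
)]


def in_listed_block(ip):
    """True if ip falls inside one of the explicitly listed blocks."""
    return any(ip.version == net.version and ip in net
               for net in NON_GLOBAL_NETS)


def is_egress_allowed(addr):
    """Hypothetical policy hook: fail closed on anything doubtful."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames and malformed input are not decided here
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if in_listed_block(ip):
        return False
    # Second layer: the interpreter's own view must also say "global".
    return ip.is_global


def interpreter_gaps():
    """Listed blocks whose first address the stdlib still calls global."""
    return [str(net) for net in NON_GLOBAL_NETS if net[0].is_global]
```

A non-empty result from `interpreter_gaps()` means the running interpreter classifies at least one listed block more loosely than the list does, which is a reason to check the installed python3.12 package version against the one given above.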
