drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in Python
Name: |
Mangelnde Eingabeprüfung in Python |
|
ID: |
USN-6941-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 24.04 LTS |
|
Datum: |
Fr, 2. August 2024, 06:27 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032 |
|
Applikationen: |
Python |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4695906777754698532== Content-Language: en-CA Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------fv2R0fs1Mcfb7NEIMYhl1nvv"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------fv2R0fs1Mcfb7NEIMYhl1nvv Content-Type: multipart/mixed; boundary="------------OHy7FV5YMSPaXsUT8Ai3KhJo"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <7804700e-8bc0-4684-8e58-0f024f3b696b@canonical.com> Subject: [USN-6941-1] Python vulnerability Autocrypt-Gossip: addr=security@ubuntu.com; keydata= xsFNBF7HusQBEADHo6tQYXvxFcsmh1TW7uO5iJODq86SLfHg4GakjZuwqK3kIDeHmfEBgT4s +2+xXO8T5Q7ivna2K7bpcuUc33smqxX+vaMvaEACPyObGEtQ70irhG5NGN6neNIFVQyD3IBo zxFEq71rkcl0l2QUaQegfmSCrDBDq7tH40ZFfzfqIhDEd1b8b6pHmLImXnFpQ6TFgsRwMbF6 KFRgBWk0YWxY33oalw+fyle2zTWiwI3kw5XP+Xjs9f/C7b63t9Cl1wUdxVCQn1+Jq1mKL/Of G/G3RHuC3tovU6JvF45Lv8kAGMpHkM9Nm9ptlT50lcZU2Nc2m34G/i4gPeAeHboQmc+ORNC9 w7DhUseg1W48jEWriUW5CA29r9pqU+vjRafYIBsqtchXasqtcuzeDd5Witezo3tV1eyvJy38 lKoENPA0cODDkuINmrVZt98dBjGnmKZHUa9HpmEyJ/LxfLK61mFLf3NQfPYeTpt/ML7Mb4CU TkPxs8LiigJgbGuCffbdvdyZLsxM+YLspak4XMfErpv+f2awOBgb+M6oOuvtb53r7BIu2AVH Od+U4URcg4rW/EWH4xVfedpMyIsDUSrP99rfufEBioTwRDxsrntwOXvfCRc2WaVLMbqODYIX jC+AynbHqEkQZVxDEuRS3pjoDnJ7R7piBHy7iL5Wb9nVihamSwARAQABzSVVYnVudHUgU2Vj dXJpdHkgPHNlY3VyaXR5QHVidW50dS5jb20+wsGUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAFiEEQHJg92Fuzk2dEkYnmOl0DcNFOeAFAmRREggFCQss8cQACgkQmOl0DcNF OeCbiQ//RdpnfN5oJ/Px1IQLFA0x6kEZAUjNpN1Mupfb52oX+dg774r/TawIc7tUE+o/WKuC Lh+0JI8HF8OIlN9cm+RrixQGll482qFWcWw/Nb7nnFtvwOCxlaTABGttEmesAZ125p6W7KIR 6bRGxTXJ5Z50TLNUyBmc3+G3/hZigsFLBI/9GGzKCWNxobDfM9IQCknie/yfJ1NVeRoyXUpK dfgq9Pl/ohvR3BMrvw1XMTuxQn4C1cRcv+Wle/L/cq4fv3BLySYWElgeoKa2ozj9Fq2LRXF6 uzO2QaTnfvOk1AdTUFev8lGSVb76nPOvnHcaTTsgRlwmdjTNDEKqSC8h5ZzjaWmPpMCZeY0/ yTOnVlF5gercYD4utmSEcHMpBqNP1RZPt9SbN6x5v1l/tIA10TTi0UwnhklIsUqEUKXM/FKi YDJtzrLevdiPMoSOFCq/GY7fphisyXPL8teMLf5QFJ4WaLJdY1JQVMc5whlWj5SPOdWpQ08U aAX+bP822ZZ/6GKax+I2g9UN5itsNNz3GGs928zBCbzqAwmhat1LwbhS0Q9gAmrb8l0aPlYe 9raaTAx/sZc8h11ivSNMExiB+W6184nuPgdqqH5cUPdNpDvvijOH18zj+BwGQ4pf8YyzDLqR Ng6BHrdsPgaQwbVVckiKvXP6vzrlruyiwRhKMZXf+MXOwU0EXse6xAEQAMbDPCAsziHrqt7T wGMAywGwEh0ADKf+KAL7Wpfpg/Vzeh/4ruQcbOSb83agupq5EJ1jP+JJRZ3nXq0Lhe0vRRzG YQJC9uYuHcWNpMY3HMPhSVBYEUr2dmVku6pREoTlUnNtf8ikbI2Hi7RiJ8Dz8s76lNA1t5Ow Yf6fw0lJ/5AsZ0KtL28kvZLM77UFSRcgaZyZxt2IQwDnn+YHyhuOtxbrX7yXhkjS/4KdfaUa 7SN5QY7Cx8wPL9SPjnP0Tqg9SYlZy8D+bRZD+a7ZFeq1vyweCvDsBcCuMNEbMlVpOmCdTipS T2pdvcgaFW6WLX5oUZWRxqsBMVmMFuk+ck5hi0mKgWCaah7l2R7tDh9hY8PIpXigLoc8c8Jw +x4GFAe0OtU1/9METCtUJ/7dcmWREkLUsU7XqPwG2y+qIDrmZR6arlHMVxF43JZF9mY/ZZHO cnPP60c8qcScV4iLhA9hI7SuY1kfNr011zOuCxf+MwvQfeM0e/aKrpPrZNRxLK3ox73FDxeN 4t+tTdW2Ln7MqorVhtdiJMiTZLt2cptOqQLWzBSwrcceBkHlysgtK9wdeDw1pbHNlG2SxJq+ ge0zUIZ+ztFs82AGtiEcEXRjtmX9WF5/uFVPj+ZuYT4Rve5Zb8ama6dlD1WR5V9DI+xGIr+t d35cwCXde0HaCI+iNDXxABEBAAHCwXwEGAEKACYCGwwWIQRAcmD3YW7OTZ0SRieY6XQNw0U5 4AUCZFESMwUJCyzx7wAKCRCY6XQNw0U54MOOEACWJmWWJVB6JokT23ByG8qVcPpZFXn6sX1D ZyuiWY/X/PgPkYxOmo3Q9ZutoaYLEeqRptSDOfgFS0oD78qjxDh/zSeCqgwmCAhfkH53jJ/L bhEwKt79o/PDLEWaYI915UKNpLark2ZuL+iQSSCLhywlzWrT47d7JqndYBgL3ukuQ+LflcoF g6RwayUjzGtnWJGN2Pg+BKS8x01AfIFtvn3QhSnBKUxmHneb+iq8bG/tbGoTXTrGmNHNqB7x inPt74a+kZRWNBZ28wwf7FQ7nXk8B6kBA6THs3IRew0u3U1qwYSp6v0QVYwj6o+FGSpQdwDW KnrHUc7oxrk2pfGY0PPdgcpBKuQ2bhlufLsLwe277zA7Mb36pVaUuf3a7Mswl3oUC8+Si4J9 HmhthRX9GythWEyUCK2q9LZncaBJMi4Levdc2dkaSVNq166OxJ61fxtlmyHJpBrRPLc2TIxQ 98v9fYwUVTGvHsneiZH0oxDXqdJs2zgkzVxktLp6mOWZtntu4SJexytJvEjJDMkPweq0PuDX pyEsNdweH0vWueQiCNYaFHVuCTBmcGbpF+MxtB+WijbpeJGRyciYfmqk7XuUNOLU7mXotPiE ALhdY3Z4JCTuKN+xJT+5vkXRVEsOjibTelUIdFkcSHsJ64yoLJ11fhZdaQx5HnfbHpsqjI5I oA==
--------------OHy7FV5YMSPaXsUT8Ai3KhJo Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6941-1 August 01, 2024
python3.12 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Python could allow unintended access to network services.
Software Description: - python3.12: An interactive high-level object-oriented language
Details:
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04 LTS python3.12 3.12.3-1ubuntu0.1 python3.12-minimal 3.12.3-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6941-1 CVE-2024-4032
Package Information: https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.1
--------------OHy7FV5YMSPaXsUT8Ai3KhJo--
--------------fv2R0fs1Mcfb7NEIMYhl1nvv Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmarjNoACgkQZWnYVadE vpPYWQ//TuldV9DcyV+swDpuqetyFLRrAn7vPh1MlU8I3I+V9MxsINBYZRfacW7i mxf887DWsP7a3qsagIiVEXPUiwUqiKMKMFHG9CE4NLZ1vFODZhZhLx5xIYJqYN8h OmV/wuPR9tx8JNNrKwTJSUt7bmeTSkGNoHnYg0YhJ4lpFpP48o6hoOoV8ZChUYGC ul/nfZKOFEzPOBInr0uZpWQU6tDLUiP7FD3WY2ynf9ZSqhgI9TaDKXHgS40apdRO ANBkfuQ/dS6hnmfaKGDDI25rR2wvSI1Oih//csZI8vaFVF0fZm/JNGCD+QHpYbZv ujaS9LluPme3RzQ1AFHAVsQdvbl4MhL1VzOgiJQSawgiOFYY1MFAhmqNwhVqeMrn C2Dd65vRg83iEp1JnZoWBTA9sUqLTl4R5BaSPHTf4QHY2/VtKrNcWLsHvijhsPaT 0h0Q/3VQh2DxVagAsyLd57nHYagd4Q9UjUeO0RlJmBV0u2nL49UUIq64ozliwpsr OQq8B38kFSEylI4Gu97dl/8nBxhuQT+3puH6qtU9BBBogj1H5p+YqmYri2D5EjX5 SnZ1CD5vUarka/AsyxBx1f0d8VnIm5iXpm2Kp5h0WTwCN2Nma1eqZ0tcYwLzod5R eHQc6g167I0w5scf07RT1REx8Jk5IU7PbGTvYujpI6UasSqi00k= =hSqQ -----END PGP SIGNATURE-----
--------------fv2R0fs1Mcfb7NEIMYhl1nvv--
--===============4695906777754698532== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============4695906777754698532==--
|
|
|
|