Security: Multiple issues in Python
Name: Multiple issues in Python
ID: USN-7180-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Date: Thu, January 9, 2025, 16:14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48565
Applications: Python

Original message
==========================================================================
Ubuntu Security Notice USN-7180-1
January 06, 2025

python2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Python 2.7.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-48560)
It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure. (CVE-2022-48565)
It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information. (CVE-2022-48566)
It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-24329)
It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS python2.7 2.7.18-13ubuntu1.5
Ubuntu 20.04 LTS python2.7 2.7.18-1~20.04.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7180-1
CVE-2022-48560, CVE-2022-48565, CVE-2022-48566, CVE-2023-24329, CVE-2023-40217

Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.18-13ubuntu1.5
https://launchpad.net/ubuntu/+source/python2.7/2.7.18-1~20.04.7