Sicherheit: Zwei Probleme in NLTK

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3024444222633496124==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------Q6Nei0Rm1M85dYMiE0JlKdkZ"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Q6Nei0Rm1M85dYMiE0JlKdkZ
Content-Type: multipart/mixed;
boundary="------------TK2mZZQp7T3Dr0fZ81EzPfT0";
protected-headers="v1"
From: Bruce Cable <bruce.cable@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <b18a05af-ea0d-40af-b960-23d3900553b5@canonical.com>
Subject: [USN-7365-1] NLTK vulnerabilities

--------------TK2mZZQp7T3Dr0fZ81EzPfT0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7365-1
March 24, 2025

nltk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in NLTK.

Software Description:
- nltk: Natural Language Toolkit

Details:

It was discovered that NLTK contained a regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a denial of service. (CVE-2021-3842, CVE-2021-43854)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
python3-nltk                    3.4.5-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-nltk                     3.2.5-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro
python3-nltk                    3.2.5-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-nltk                     3.1-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro
python3-nltk                    3.1-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
python-nltk                     2.0~b9-0ubuntu4.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7365-1
CVE-2021-3842, CVE-2021-43854

--------------TK2mZZQp7T3Dr0fZ81EzPfT0--

--------------Q6Nei0Rm1M85dYMiE0JlKdkZ
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmfg27UFAwAAAAAACgkQuGrtzot7pOcd
kQv/W3ybzBJ/7LNztjq9MGmVLs38EQyqTUVxR8HGE8cYwHEk4Cfz8TtAnSsMjiiZ8N2IZ40Q4pug
GoBekIyadN0Il1e5WM4xca6PZ8wbEN3PnrSBM+Usu4aeW13l9WTx1i3Pnowr6J0sapGZIg6YImM5
X4TtWU3/ZQ3HlwnDM5hceUsrQCRLgF7HWifziRLGkhLYrS8xSUUf6hbTQ8qxANPutG76Vok5blVh
szOdq8puPWXSFbC1LYuRDC8bnLyMeFdPlShWK+Wj5mEiurmPH++pEG5XcjL0e3MfyijTccVnRcth
4wWCMLjlc8+upOOJ3E7XQT4lD5fuRBQffdpXzfjtiC+VUoL3bB3o0Te5K5FuqRQOAd13PJfN3nag
B7LZlpx/AUheHlnU/KEqJ39PeVSjs8KeZsRz1Ut87dsCZF7VNPIjfSjn2F0h5+ehYPcSyGNwMYmG
YtLWsSNwZ3Td0qiV+0ucTB772DTMJ0Y11O29axDYpzRjLxlk/XbOHKDz2HzG
=uIGu
-----END PGP SIGNATURE-----

--------------Q6Nei0Rm1M85dYMiE0JlKdkZ--

--===============3024444222633496124==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============3024444222633496124==--