Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6547-1

Ubuntu Security Notice 6547-1 - it was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.

Packet Storm
Open in Source
#vulnerability#ubuntu
==========================================================================Ubuntu Security Notice USN-6547-1December 11, 2023python3.11 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04Summary:Python could be made to bypass security measures if it processed amalicious filename.Software Description:- python3.11: An interactive high-level object-oriented languageDetails:it was discovered that Python incorrectly handled null bytes whennormalizing pathnames. An attacker could possibly use this issue to bypasscertain filename checks.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   python3.11                      3.11.4-1~23.04.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6547-1   CVE-2023-41105Package Information:   https://launchpad.net/ubuntu/+source/python3.11/3.11.4-1~23.04.2

Related news

Ubuntu Security Notice USN-6891-1

Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

CVE-2023-41105: [3.11] gh-106242: Fix path truncation in os.path.normpath (GH-106816) by zooba · Pull Request #107982 · python/cpython

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution
Packet Storm