Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6394-2

Ubuntu Security Notice 6394-2 - USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Packet Storm
#vulnerability#ubuntu

==========================================================================
Ubuntu Security Notice USN-6394-2
October 17, 2023

python2.7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Python could be made to execute arbitrary code if it received
a specially crafted script.

Software Description:

  • python2.7: An interactive high-level object-oriented language

Details:

USN-6394-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.17-1~18.04ubuntu1.13+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.12-1ubuntu0~16.04.18+esm8

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.6-8ubuntu0.6+esm17

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6394-2
https://ubuntu.com/security/notices/USN-6394-1
CVE-2022-48560

Related news

Ubuntu Security Notice USN-6891-1

Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Ubuntu Security Notice USN-6394-1

Ubuntu Security Notice 6394-1 - It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

CVE-2022-48560: Issue 39421: Use-after-free in heappushpop() of heapq module

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution