Headline
Ubuntu Security Notice USN-6394-2
Ubuntu Security Notice 6394-2 - USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
==========================================================================
Ubuntu Security Notice USN-6394-2
October 17, 2023
python2.7 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Python could be made to execute arbitrary code if it received
a specially crafted script.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-6394-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.17-1~18.04ubuntu1.13+esm3
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.12-1ubuntu0~16.04.18+esm8
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python2.7 2.7.6-8ubuntu0.6+esm17
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6394-2
https://ubuntu.com/security/notices/USN-6394-1
CVE-2022-48560
Related news
Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
Ubuntu Security Notice 6394-1 - It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
A use-after-free exists in Python through 3.9 via heappushpop in heapq.