USN-5767-1

Source

https://ubuntu.com/security/notices/USN-5767-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5767-1.json

Related

Published

2022-12-08T13:25:34.419626Z

Modified

2022-12-08T13:25:34.419626Z

Details

Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454)

It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061)

References

Affected packages

Ubuntu:22.04:LTS / python3.10

Package

Name: python3.10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.10.6-1~22.04.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpython3.10": "3.10.6-1~22.04.2",
            "python3.10": "3.10.6-1~22.04.2",
            "libpython3.10-stdlib": "3.10.6-1~22.04.2",
            "python3.10-examples": "3.10.6-1~22.04.2",
            "libpython3.10-dev": "3.10.6-1~22.04.2",
            "python3.10-doc": "3.10.6-1~22.04.2",
            "python3.10-dev": "3.10.6-1~22.04.2",
            "python3.10-nopie": "3.10.6-1~22.04.2",
            "libpython3.10-testsuite": "3.10.6-1~22.04.2",
            "python3.10-venv": "3.10.6-1~22.04.2",
            "libpython3.10-minimal": "3.10.6-1~22.04.2",
            "python3.10-full": "3.10.6-1~22.04.2",
            "idle-python3.10": "3.10.6-1~22.04.2",
            "python3.10-minimal": "3.10.6-1~22.04.2"
        }
    ]
}

Ubuntu:18.04:LTS / python2.7

Package

Name: python2.7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.17-1~18.04ubuntu1.10

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "python2.7": "2.7.17-1~18.04ubuntu1.10",
            "libpython2.7": "2.7.17-1~18.04ubuntu1.10",
            "libpython2.7-stdlib": "2.7.17-1~18.04ubuntu1.10",
            "python2.7-dev": "2.7.17-1~18.04ubuntu1.10",
            "python2.7-examples": "2.7.17-1~18.04ubuntu1.10",
            "python2.7-doc": "2.7.17-1~18.04ubuntu1.10",
            "idle-python2.7": "2.7.17-1~18.04ubuntu1.10",
            "libpython2.7-testsuite": "2.7.17-1~18.04ubuntu1.10",
            "python2.7-minimal": "2.7.17-1~18.04ubuntu1.10",
            "libpython2.7-dev": "2.7.17-1~18.04ubuntu1.10",
            "libpython2.7-minimal": "2.7.17-1~18.04ubuntu1.10"
        }
    ]
}

Ubuntu:20.04:LTS / python3.8

Package

Name: python3.8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.8.10-0ubuntu1~20.04.6

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpython3.8-stdlib": "3.8.10-0ubuntu1~20.04.6",
            "libpython3.8-testsuite": "3.8.10-0ubuntu1~20.04.6",
            "libpython3.8": "3.8.10-0ubuntu1~20.04.6",
            "libpython3.8-minimal": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-full": "3.8.10-0ubuntu1~20.04.6",
            "python3.8": "3.8.10-0ubuntu1~20.04.6",
            "idle-python3.8": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-venv": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-doc": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-minimal": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-examples": "3.8.10-0ubuntu1~20.04.6",
            "python3.8-dev": "3.8.10-0ubuntu1~20.04.6",
            "libpython3.8-dev": "3.8.10-0ubuntu1~20.04.6"
        }
    ]
}