USN-6354-1
- Source
- https://ubuntu.com/security/notices/USN-6354-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6354-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6354-1
- Upstream
- Related
- Published
- 2023-09-07T16:00:44.314384Z
- Modified
- 2025-10-13T04:36:36Z
- Summary
- python2.7, python3.5 vulnerability
- Details
-
It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / python2.7
Package
- Name
- python2.7
- Purl
- pkg:deb/ubuntu/python2.7@2.7.6-8ubuntu0.6+esm16?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.6-8ubuntu0.6+esm16
Affected versions
2.*
2.7.5-8ubuntu3
2.7.5-8ubuntu4
2.7.6-2
2.7.6-2ubuntu1
2.7.6-3
2.7.6-3ubuntu1
2.7.6-4
2.7.6-4ubuntu1
2.7.6-5
2.7.6-7
2.7.6-8
2.7.6-8ubuntu0.2
2.7.6-8ubuntu0.3
2.7.6-8ubuntu0.4
2.7.6-8ubuntu0.5
2.7.6-8ubuntu0.6+esm2
2.7.6-8ubuntu0.6+esm3
2.7.6-8ubuntu0.6+esm5
2.7.6-8ubuntu0.6+esm6
2.7.6-8ubuntu0.6+esm7
2.7.6-8ubuntu0.6+esm8
2.7.6-8ubuntu0.6+esm9
2.7.6-8ubuntu0.6+esm10
2.7.6-8ubuntu0.6+esm11
2.7.6-8ubuntu0.6+esm12
2.7.6-8ubuntu0.6+esm13
2.7.6-8ubuntu0.6+esm14
2.7.6-8ubuntu0.6+esm15
Ecosystem specific
{
"binaries": [
{
"binary_name": "idle-python2.7",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "libpython2.7",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "libpython2.7-dev",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "libpython2.7-minimal",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "libpython2.7-stdlib",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "libpython2.7-testsuite",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "python2.7",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "python2.7-dev",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "python2.7-examples",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
},
{
"binary_name": "python2.7-minimal",
"binary_version": "2.7.6-8ubuntu0.6+esm16"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6354-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"id": "CVE-2022-48565",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:16.04:LTS / python2.7
Package
- Name
- python2.7
- Purl
- pkg:deb/ubuntu/python2.7@2.7.12-1ubuntu0~16.04.18+esm6?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.12-1ubuntu0~16.04.18+esm6
Affected versions
2.*
2.7.10-4ubuntu1
2.7.10-4ubuntu2
2.7.11-2
2.7.11-3
2.7.11-4
2.7.11-6
2.7.11-7
2.7.11-7ubuntu1
2.7.12-1~16.04
2.7.12-1ubuntu0~16.04.1
2.7.12-1ubuntu0~16.04.2
2.7.12-1ubuntu0~16.04.3
2.7.12-1ubuntu0~16.04.4
2.7.12-1ubuntu0~16.04.8
2.7.12-1ubuntu0~16.04.9
2.7.12-1ubuntu0~16.04.11
2.7.12-1ubuntu0~16.04.12
2.7.12-1ubuntu0~16.04.13
2.7.12-1ubuntu0~16.04.14
2.7.12-1ubuntu0~16.04.16
2.7.12-1ubuntu0~16.04.18
2.7.12-1ubuntu0~16.04.18+esm1
2.7.12-1ubuntu0~16.04.18+esm2
2.7.12-1ubuntu0~16.04.18+esm3
2.7.12-1ubuntu0~16.04.18+esm4
2.7.12-1ubuntu0~16.04.18+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "idle-python2.7",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "libpython2.7",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "libpython2.7-dev",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "libpython2.7-minimal",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "libpython2.7-stdlib",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "libpython2.7-testsuite",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "python2.7",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "python2.7-dev",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "python2.7-examples",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
},
{
"binary_name": "python2.7-minimal",
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm6"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6354-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"id": "CVE-2022-48565",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:16.04:LTS / python3.5
Package
- Name
- python3.5
- Purl
- pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.13+esm9?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.2-2ubuntu0~16.04.13+esm9
Affected versions
3.*
3.5.0-3
3.5.0-3ubuntu1
3.5.1~rc1-2ubuntu1
3.5.1-1
3.5.1-2
3.5.1-3
3.5.1-5
3.5.1-6ubuntu1
3.5.1-6ubuntu2
3.5.1-9ubuntu1
3.5.1-10
3.5.2-2~16.01
3.5.2-2~16.04
3.5.2-2ubuntu0~16.04.1
3.5.2-2ubuntu0~16.04.2
3.5.2-2ubuntu0~16.04.3
3.5.2-2ubuntu0~16.04.4
3.5.2-2ubuntu0~16.04.5
3.5.2-2ubuntu0~16.04.8
3.5.2-2ubuntu0~16.04.9
3.5.2-2ubuntu0~16.04.10
3.5.2-2ubuntu0~16.04.11
3.5.2-2ubuntu0~16.04.12
3.5.2-2ubuntu0~16.04.13
3.5.2-2ubuntu0~16.04.13+esm1
3.5.2-2ubuntu0~16.04.13+esm2
3.5.2-2ubuntu0~16.04.13+esm3
3.5.2-2ubuntu0~16.04.13+esm5
3.5.2-2ubuntu0~16.04.13+esm6
3.5.2-2ubuntu0~16.04.13+esm7
3.5.2-2ubuntu0~16.04.13+esm8
Ecosystem specific
{
"binaries": [
{
"binary_name": "idle-python3.5",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "libpython3.5",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "libpython3.5-dev",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "libpython3.5-minimal",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "libpython3.5-stdlib",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "libpython3.5-testsuite",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "python3.5",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "python3.5-dev",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "python3.5-examples",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "python3.5-minimal",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
},
{
"binary_name": "python3.5-venv",
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm9"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6354-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"id": "CVE-2022-48565",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:18.04:LTS / python2.7
Package
- Name
- python2.7
- Purl
- pkg:deb/ubuntu/python2.7@2.7.17-1~18.04ubuntu1.13+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.17-1~18.04ubuntu1.13+esm1
Affected versions
2.*
2.7.14-2ubuntu2
2.7.14-4
2.7.14-6
2.7.14-7
2.7.14-8
2.7.15~rc1-1
2.7.15~rc1-1ubuntu0.1
2.7.15-4ubuntu4~18.04
2.7.15-4ubuntu4~18.04.1
2.7.15-4ubuntu4~18.04.2
2.7.17-1~18.04
2.7.17-1~18.04ubuntu1
2.7.17-1~18.04ubuntu1.1
2.7.17-1~18.04ubuntu1.2
2.7.17-1~18.04ubuntu1.3
2.7.17-1~18.04ubuntu1.5
2.7.17-1~18.04ubuntu1.6
2.7.17-1~18.04ubuntu1.7
2.7.17-1~18.04ubuntu1.8
2.7.17-1~18.04ubuntu1.10
2.7.17-1~18.04ubuntu1.11
2.7.17-1~18.04ubuntu1.13
Ecosystem specific
{
"binaries": [
{
"binary_name": "idle-python2.7",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "libpython2.7",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "libpython2.7-dev",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "libpython2.7-minimal",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "libpython2.7-stdlib",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "libpython2.7-testsuite",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "python2.7",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "python2.7-dev",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "python2.7-examples",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
},
{
"binary_name": "python2.7-minimal",
"binary_version": "2.7.17-1~18.04ubuntu1.13+esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6354-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"cves": [
{
"id": "CVE-2022-48565",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}