USN-7355-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7355-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7355-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7355-1

Related

Published

2025-03-18T23:59:57.228460Z

Modified

2025-03-18T23:59:57.228460Z

Summary

restrictedpython vulnerabilities

Details

Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271)

Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that RestrictedPython did not correctly handle certain format strings. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-41039)

It was discovered that RestrictedPython did not correctly restrict access to certain fields. An attacker could possibly use this issue to leak sensitive information. (CVE-2024-47532)

It was discovered that RestrictedPython contained a type confusion vulnerability. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22153)

References

Affected packages

Ubuntu:Pro:20.04:LTS / restrictedpython

Package

Name: restrictedpython
Purl: pkg:deb/ubuntu/restrictedpython@4.0~b3-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0~b3-2ubuntu0.1~esm1

Affected versions

4.*

4.0~b3-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.0~b3-2ubuntu0.1~esm1",
            "binary_name": "python3-restrictedpython"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / restrictedpython

Package

Name: restrictedpython
Purl: pkg:deb/ubuntu/restrictedpython@4.0~b3-3ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0~b3-3ubuntu0.1~esm1

Affected versions

4.*

4.0~b3-2

4.0~b3-2ubuntu1

4.0~b3-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.0~b3-3ubuntu0.1~esm1",
            "binary_name": "python3-restrictedpython"
        }
    ]
}

Ubuntu:24.10 / restrictedpython

Package

Name: restrictedpython
Purl: pkg:deb/ubuntu/restrictedpython@6.2-1ubuntu0.24.10.1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2-1ubuntu0.24.10.1

Affected versions

6.*

6.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "6.2-1ubuntu0.24.10.1",
            "binary_name": "python3-restrictedpython"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / restrictedpython

Package

Name: restrictedpython
Purl: pkg:deb/ubuntu/restrictedpython@6.2-1ubuntu0.24.04.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2-1ubuntu0.24.04.1~esm1

Affected versions

4.*

4.0~b3-3

6.*

6.2-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "6.2-1ubuntu0.24.04.1~esm1",
            "binary_name": "python3-restrictedpython"
        }
    ]
}