Ubuntu Security Notice USN-6513-1

Ubuntu Security Notice USN-6513-1: Posted Nov 25, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6513-1 - It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake.; tags | advisory, denial of service, python; systems | linux, ubuntu; advisories | CVE-2022-48564, CVE-2023-40217; SHA-256 | 6f14c4bab79c5ff6022515ca227db8dbf13728c77319d254ac9fbbed86388ffb; Download | Favorite | View

Ubuntu Security Notice USN-6513-1

==========================================================================
Ubuntu Security Notice USN-6513-1
November 23, 2023

python2.7, python3.5, python3.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Python.

Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled certain plist files.
If a user or an automated system were tricked into processing a specially
crafted plist file, an attacker could possibly use this issue to consume
resources, resulting in a denial of service. (CVE-2022-48564)

It was discovered that Python instances of ssl.SSLSocket were vulnerable
to a bypass of the TLS handshake. An attacker could possibly use this
issue to cause applications to treat unauthenticated received data before
TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.17-1~18.04ubuntu1.13+esm4
   python3.6                       3.6.9-1~18.04ubuntu1.13+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.12-1ubuntu0~16.04.18+esm9
   python3.5                       3.5.2-2ubuntu0~16.04.13+esm12

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   python2.7                       2.7.6-8ubuntu0.6+esm18

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6513-1
   CVE-2022-48564, CVE-2023-40217

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-6513-1

Ubuntu Security Notice USN-6513-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6513-1

Share This

Ubuntu Security Notice USN-6513-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems