USN-6513-2

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-6513-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6513-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-6513-2
Related
Published
2023-11-27T18:11:30.630640Z
Modified
2023-11-27T18:11:30.630640Z
Summary
python3.8, python3.10, python3.11 vulnerability
Details

USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.

Original advisory details:

It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564)

It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)

References

Affected packages

Ubuntu:20.04:LTS / python3.8

Package

Name
python3.8
Purl
pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.9?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.10-0ubuntu1~20.04.9

Affected versions

3.*

3.8.0-1
3.8.0-2
3.8.0-3
3.8.0-4
3.8.0-5
3.8.1-2ubuntu3
3.8.2~rc1-1ubuntu1
3.8.2-1
3.8.2-1ubuntu1
3.8.2-1ubuntu1.1
3.8.2-1ubuntu1.2
3.8.5-1~20.04
3.8.5-1~20.04.2
3.8.5-1~20.04.3
3.8.10-0ubuntu1~20.04
3.8.10-0ubuntu1~20.04.1
3.8.10-0ubuntu1~20.04.2
3.8.10-0ubuntu1~20.04.4
3.8.10-0ubuntu1~20.04.5
3.8.10-0ubuntu1~20.04.6
3.8.10-0ubuntu1~20.04.7
3.8.10-0ubuntu1~20.04.8

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "idle-python3.8",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8-dbg",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8-dev",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8-minimal",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8-stdlib",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "libpython3.8-testsuite",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-dbg",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-dev",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-doc",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-examples",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-full",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-minimal",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        },
        {
            "binary_name": "python3.8-venv",
            "binary_version": "3.8.10-0ubuntu1~20.04.9"
        }
    ]
}

Ubuntu:22.04:LTS / python3.10

Package

Name
python3.10
Purl
pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.10.12-1~22.04.3

Affected versions

3.*

3.10.0-2
3.10.0-3
3.10.0-4
3.10.0-5
3.10.0-5build1
3.10.1-1
3.10.1-2
3.10.2-1
3.10.2-5
3.10.2-7
3.10.3-1
3.10.4-3
3.10.4-3ubuntu0.1
3.10.6-1~22.04
3.10.6-1~22.04.1
3.10.6-1~22.04.2
3.10.6-1~22.04.2ubuntu1
3.10.6-1~22.04.2ubuntu1.1
3.10.12-1~22.04.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "idle-python3.10",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10-dbg",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10-dev",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10-minimal",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10-stdlib",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "libpython3.10-testsuite",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-dbg",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-dev",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-doc",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-examples",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-full",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-minimal",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-nopie",
            "binary_version": "3.10.12-1~22.04.3"
        },
        {
            "binary_name": "python3.10-venv",
            "binary_version": "3.10.12-1~22.04.3"
        }
    ]
}