USN-5953-1: IPython vulnerabilities
15 March 2023
Several security issues were fixed in IPython.
Releases
Packages
- ipython - Enhanced interactive Python 2 shell
Details
It was discovered that IPython incorrectly processed REST API POST requests.
An attacker could possibly use this issue to launch a cross-site request
forgery (CSRF) attack and leak user's sensitive information. This issue
only affected Ubuntu 14.04 ESM. (CVE-2015-5607)
It was discovered that IPython did not properly manage cross user temporary
files. A local attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2022-21699)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
python3-ipython
-
7.13.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython3
-
7.13.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
ipython
-
5.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python-ipython
-
5.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python3-ipython
-
5.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython3
-
5.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
ipython3-notebook
-
1.2.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython3
-
1.2.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython-notebook-common
-
1.2.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython
-
1.2.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
-
ipython-notebook
-
1.2.1-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.