CVE-2022-40897

Note

the python-pip package bundles python-setuptools binaries
when built. After updating python-setuptools, a no-change
rebuild of python-pip is required.

Package	Release	Status
python-pip Launchpad, Ubuntu, Debian	bionic	Released (9.0.1-2.3~ubuntu1.18.04.6)
	focal	Released (20.0.2-5ubuntu1.7)
	jammy	Released (22.0.2+dfsg-1ubuntu0.1)
	kinetic	Released (22.2+dfsg-1ubuntu0.1)
	lunar	Needed
	trusty	Released (1.5.4-1ubuntu4+esm2)
	upstream	Needed
	xenial	Released (8.1.1-2ubuntu0.6+esm3)
python-setuptools Launchpad, Ubuntu, Debian	bionic	Released (39.0.1-2ubuntu0.1)
	focal	Released (44.0.0-2ubuntu0.1)
	jammy	Released (44.1.1-1.2ubuntu0.22.04.1)
	kinetic	Released (44.1.1-1.2ubuntu0.22.10.1)
	trusty	Released (3.3-1ubuntu2+esm1)
	upstream	Released (65.5.1)
	xenial	Released (20.7.0-1ubuntu0.1~esm1)
setuptools Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Released (45.2.0-1ubuntu0.1)
	jammy	Released (59.6.0-1.2ubuntu0.22.04.1)
	kinetic	Released (59.6.0-1.2ubuntu0.22.10.1)
	lunar	Pending (66.1.1-1)
	trusty	Does not exist
	upstream	Released (65.5.1)
	xenial	Does not exist

Parameter	Value
Base score	5.9
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Security

CVE-2022-40897

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading