CVE-2022-40897

Note

the python-pip package bundles python-setuptools binaries
when built. After updating python-setuptools, a no-change
rebuild of python-pip is required.

Package	Release	Status
python-pip Launchpad, Ubuntu, Debian	bionic	Released (9.0.1-2.3~ubuntu1.18.04.6)
	focal	Released (20.0.2-5ubuntu1.7)
	jammy	Released (22.0.2+dfsg-1ubuntu0.1)
	kinetic	Released (22.2+dfsg-1ubuntu0.1)
	lunar	Not vulnerable (23.0.1+dfsg-1)
	trusty	Released (1.5.4-1ubuntu4+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needed
	xenial	Released (8.1.1-2ubuntu0.6+esm3) Available with Ubuntu Pro
python-setuptools Launchpad, Ubuntu, Debian	bionic	Released (39.0.1-2ubuntu0.1)
	focal	Released (44.0.0-2ubuntu0.1)
	jammy	Released (44.1.1-1.2ubuntu0.22.04.1)
	kinetic	Released (44.1.1-1.2ubuntu0.22.10.1)
	trusty	Released (3.3-1ubuntu2+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Released (65.5.1)
	xenial	Released (20.7.0-1ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
setuptools Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Released (45.2.0-1ubuntu0.1)
	jammy	Released (59.6.0-1.2ubuntu0.22.04.1)
	kinetic	Released (59.6.0-1.2ubuntu0.22.10.1)
	lunar	Not vulnerable (66.1.1-1)
	trusty	Does not exist
	upstream	Released (65.5.1)
	xenial	Does not exist

Parameter	Value
Base score	5.9
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-40897

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading