USN-5713-1: Python vulnerability
3 November 2022
Python could be made to run programs if it received specially crafted socket connections.
Releases
Packages
- python3.10 - An interactive high-level object-oriented language
Details
Devin Jeanpierre discovered that Python incorrectly handled sockets when
the multiprocessing module was being used. A local attacker could possibly
use this issue to execute arbitrary code and escalate privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5888-1: libpython3.9, python3.9-venv, python3.9, python3.9-dev, python3.9-full, idle-python3.9, libpython3.9-stdlib, libpython3.9-minimal, libpython3.9-testsuite, python3.9-examples, python3.9-minimal, python3.9-doc, libpython3.9-dev