USN-6400-1: Python vulnerability
27 September 2023
Python could be made to expose sensitive information.
Releases
Packages
- python2.7 - An interactive high-level object-oriented language
- python3.5 - An interactive high-level object-oriented language
Details
It was discovered that Python did not properly provide constant-time
processing for a crypto operation. An attacker could possibly use this
issue to perform a timing attack and recover sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libpython2.7
-
2.7.17-1~18.04ubuntu1.13+esm2
Available with Ubuntu Pro
-
libpython2.7-minimal
-
2.7.17-1~18.04ubuntu1.13+esm2
Available with Ubuntu Pro
-
libpython2.7-stdlib
-
2.7.17-1~18.04ubuntu1.13+esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
libpython2.7
-
2.7.12-1ubuntu0~16.04.18+esm7
Available with Ubuntu Pro
-
libpython2.7-minimal
-
2.7.12-1ubuntu0~16.04.18+esm7
Available with Ubuntu Pro
-
libpython2.7-stdlib
-
2.7.12-1ubuntu0~16.04.18+esm7
Available with Ubuntu Pro
-
libpython3.5
-
3.5.2-2ubuntu0~16.04.13+esm11
Available with Ubuntu Pro
-
libpython3.5-minimal
-
3.5.2-2ubuntu0~16.04.13+esm11
Available with Ubuntu Pro
-
libpython3.5-stdlib
-
3.5.2-2ubuntu0~16.04.13+esm11
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.