Medium
Canonical Ubuntu
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061) Update Instructions: Run sudo pro fix USN-5767-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.8-minimal – 3.8.10-0ubuntu1~20.04.6 python3.8-full – 3.8.10-0ubuntu1~20.04.6 libpython3.8-minimal – 3.8.10-0ubuntu1~20.04.6 python3.8-examples – 3.8.10-0ubuntu1~20.04.6 python3.8-dev – 3.8.10-0ubuntu1~20.04.6 libpython3.8-stdlib – 3.8.10-0ubuntu1~20.04.6 python3.8-venv – 3.8.10-0ubuntu1~20.04.6 libpython3.8 – 3.8.10-0ubuntu1~20.04.6 idle-python3.8 – 3.8.10-0ubuntu1~20.04.6 libpython3.8-testsuite – 3.8.10-0ubuntu1~20.04.6 libpython3.8-dev – 3.8.10-0ubuntu1~20.04.6 python3.8 – 3.8.10-0ubuntu1~20.04.6 python3.8-doc – 3.8.10-0ubuntu1~20.04.6 No subscription required
CVEs contained in this USN include: CVE-2022-37454, CVE-2022-45061.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2023-01-26: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
bionic stemcells | lt | 1.169 | |
cflinuxfs3 | lt | 0.346.0 | |
jammy stemcells | lt | 1.80 | |
cf deployment | lt | 24.1.0 |