CVSS3: 7.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CVSS2: 8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: COMPLETE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P

EPSS: 0.001 Low
Percentile: 49.4%
Low
Canonical Ubuntu
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update Instructions: Run sudo ua fix USN-5519-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

python2.7-dev – 2.7.12-1ubuntu0~16.04.18+esm2
python2.7-doc – 2.7.12-1ubuntu0~16.04.18+esm2
libpython2.7-stdlib – 2.7.12-1ubuntu0~16.04.18+esm2
libpython2.7-minimal – 2.7.12-1ubuntu0~16.04.18+esm2
libpython2.7 – 2.7.12-1ubuntu0~16.04.18+esm2
libpython2.7-testsuite – 2.7.12-1ubuntu0~16.04.18+esm2
python2.7 – 2.7.12-1ubuntu0~16.04.18+esm2
idle-python2.7 – 2.7.12-1ubuntu0~16.04.18+esm2
python2.7-examples – 2.7.12-1ubuntu0~16.04.18+esm2
libpython2.7-dev – 2.7.12-1ubuntu0~16.04.18+esm2
python2.7-minimal – 2.7.12-1ubuntu0~16.04.18+esm2
Available with UA Infra or UA Desktop: https://ubuntu.com/advantage

libpython3.5-stdlib – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5-venv – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5-doc – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5-dev – 3.5.2-2ubuntu0~16.04.13+esm3
libpython3.5-dev – 3.5.2-2ubuntu0~16.04.13+esm3
libpython3.5-minimal – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5 – 3.5.2-2ubuntu0~16.04.13+esm3
idle-python3.5 – 3.5.2-2ubuntu0~16.04.13+esm3
libpython3.5-testsuite – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5-examples – 3.5.2-2ubuntu0~16.04.13+esm3
python3.5-minimal – 3.5.2-2ubuntu0~16.04.13+esm3
libpython3.5 – 3.5.2-2ubuntu0~16.04.13+esm3
Available with UA Infra or UA Desktop: https://ubuntu.com/advantage

CVEs contained in this USN include: CVE-2015-20107.
Severity is low unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-08-26: Initial vulnerability report published.
CPE

Name | Operator | Version |
---|---|---|
bionic stemcells | lt | 1.92 |
cflinuxfs3 | lt | 0.311.0 |
cf deployment | lt | 21.7.0 |