[SECURITY] [DSA 5065-1] ipython security update

2022-01-3119:51:25

lists.debian.org

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

28.2%

JSON

Debian Security Advisory DSA-5065-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2022 https://www.debian.org/security/faq

Package : ipython
CVE ID : CVE-2022-21699

It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.

For the oldstable distribution (buster), this problem has been fixed
in version 5.8.0-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 7.20.0-1+deb11u1.

We recommend that you upgrade your ipython packages.

For the detailed security status of ipython please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ipython

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10allipython3< 5.8.0-1+deb10u1ipython3_5.8.0-1+deb10u1_all.deb
Debian11allpython3-ipython< 7.20.0-1+deb11u1python3-ipython_7.20.0-1+deb11u1_all.deb
Debian9allipython3< 5.1.0-3+deb9u1ipython3_5.1.0-3+deb9u1_all.deb
Debian9allpython3-ipython< 5.1.0-3+deb9u1python3-ipython_5.1.0-3+deb9u1_all.deb
Debian9allpython-ipython-doc< 5.1.0-3+deb9u1python-ipython-doc_5.1.0-3+deb9u1_all.deb
Debian11allipython3< 7.20.0-1+deb11u1ipython3_7.20.0-1+deb11u1_all.deb
Debian10allpython3-ipython< 5.8.0-1+deb10u1python3-ipython_5.8.0-1+deb10u1_all.deb
Debian11allpython-ipython-doc< 7.20.0-1+deb11u1python-ipython-doc_7.20.0-1+deb11u1_all.deb
Debian10allpython-ipython-doc< 5.8.0-1+deb10u1python-ipython-doc_5.8.0-1+deb10u1_all.deb
Debian11allipython< 7.20.0-1+deb11u1ipython_7.20.0-1+deb11u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	ipython3	< 5.8.0-1+deb10u1	ipython3_5.8.0-1+deb10u1_all.deb
Debian	11	all	python3-ipython	< 7.20.0-1+deb11u1	python3-ipython_7.20.0-1+deb11u1_all.deb
Debian	9	all	ipython3	< 5.1.0-3+deb9u1	ipython3_5.1.0-3+deb9u1_all.deb
Debian	9	all	python3-ipython	< 5.1.0-3+deb9u1	python3-ipython_5.1.0-3+deb9u1_all.deb
Debian	9	all	python-ipython-doc	< 5.1.0-3+deb9u1	python-ipython-doc_5.1.0-3+deb9u1_all.deb
Debian	11	all	ipython3	< 7.20.0-1+deb11u1	ipython3_7.20.0-1+deb11u1_all.deb
Debian	10	all	python3-ipython	< 5.8.0-1+deb10u1	python3-ipython_5.8.0-1+deb10u1_all.deb
Debian	11	all	python-ipython-doc	< 7.20.0-1+deb11u1	python-ipython-doc_7.20.0-1+deb11u1_all.deb
Debian	10	all	python-ipython-doc	< 5.8.0-1+deb10u1	python-ipython-doc_5.8.0-1+deb10u1_all.deb
Debian	11	all	ipython	< 7.20.0-1+deb11u1	ipython_7.20.0-1+deb11u1_all.deb