249 matches found
Debian: Security Advisory (DLA-2896-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2896-1] ipython security update
Debian LTS Advisory DLA-2896-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 24, 2022 https://wiki.debian.org/LTS -...
Debian DLA-2896-1 : ipython - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2896 advisory. It was discovered that there was a potential arbitrary code execution vulnerability in IPython, the interactive Python shell. This issue stemmed from IPython executing...
DLA-2896-1 ipython - security update
Bulletin has no description...
abracadabra (>=0.0.0 <=0.0.5), ai-economist (>=1.0.0 <=1.1.1) +106 more potentially affected by CVE-2022-21699 via ipython (>=6.0.0 <=7.16.1)
ipython PYPI version =6.0.0, =0.0.0, =1.0.0, =0.1.2, =0.0.4, =1.0.2, =0.10.0, =1.0.0, =0.0.4, =1.0.0rc1, =20210206.0.0, =2.2.2b1, =0.1.0, =0.3.4, =0.1.0rc1, =1.0.2 - civis-compute =0.2.0 and more Source cves: CVE-2022-21699 Source advisory: OSV:GHSA-PQ7M-3GW7-GQ5X...
aiida-core (=1.0.0), biocommons-seqrepo (>=0.3.5 <=0.4.5) +15 more potentially affected by CVE-2022-21699 via ipython (>=4.1.1 <=5.10.0)
ipython PYPI version =4.1.1, =0.3.5, =0.2.0, =2.0.0, =1.0.0b1, =1.0.0.post2, =0.0.7, =0.1.0, =0.1.6, =1.3.1, =0.4.0, =0.1.0, =0.10.0 - sklearn-plus =0.0.5 and more Source cves: CVE-2022-21699 Source advisory: OSV:GHSA-PQ7M-3GW7-GQ5X...
ang (=0.0.2), astx (>=0.5.0 <=0.6.0) +5 more potentially affected by CVE-2022-21699 via ipython (>=8.0.0 <=8.0.0rc1)
ipython PYPI version =8.0.0, =0.5.0, =1.3.0, =0.1.23, =0.1.3, =0.1.5 - quantum-viz =1.0.3 Source cves: CVE-2022-21699 Source advisory: OSV:GHSA-PQ7M-3GW7-GQ5X...
abracadabra (>=0.0.6 <=0.0.7), ai-economist (>=1.2.3 <=1.7.0) +132 more potentially affected by CVE-2022-21699 via ipython (>=7.17.0 <=7.31.0)
ipython PYPI version =7.17.0, =0.0.6, =1.2.3, =0.1.0, =0.1.2, =0.0.1b1, =0.0.27, =0.1.3, =1.0.1, =0.12.1, =1.1.1, =1.4.3 - c =0.1.0 and more Source cves: CVE-2022-21699 Source advisory: OSV:GHSA-PQ7M-3GW7-GQ5X...
Execution with Unnecessary Privileges in ipython
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another. Proof of concept User1: mkdir -m 777 /tmp/profiledefault mkdir -m 777 /tmp/profiledefault/startup echo...
GHSA-PQ7M-3GW7-GQ5X Execution with Unnecessary Privileges in ipython
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another. Proof of concept User1: mkdir -m 777 /tmp/profiledefault mkdir -m 777 /tmp/profiledefault/startup echo...
Arbitrary Code Execution
ipython is vulnerable to arbitrary code execution. The vulnerability exists because the library does not properly manage the cross-user temporary files, allowing an attacker to run code as another user by executing malicious untrusted files through the current working directory...
CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...
DEBIAN-CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...
ang (=0.0.2), astx (>=0.5.0 <=0.6.0) +5 more potentially affected by CVE-2022-21699 via ipython (>=8.0.0 <=8.0.0rc1)
ipython PYPI version =8.0.0, =0.5.0, =1.3.0, =0.1.23, =0.1.3, =0.1.5 - quantum-viz =1.0.3 Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...
UBUNTU-CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...
abracadabra (>=0.0.6 <=0.0.7), ai-economist (>=1.2.3 <=1.7.0) +132 more potentially affected by CVE-2022-21699 via ipython (>=7.17.0 <=7.31.0)
ipython PYPI version =7.17.0, =0.0.6, =1.2.3, =0.1.0, =0.1.2, =0.0.1b1, =0.0.27, =0.1.3, =1.0.1, =0.12.1, =1.1.1, =1.4.3 - c =0.1.0 and more Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...
aiida-core (=1.0.0), alerce (>=0.2.2 <=0.2.4) +38 more potentially affected by CVE-2022-21699 via ipython (>=4.1.1 <=6.0.0)
ipython PYPI version =4.1.1, =0.2.2, =0.3.5, =2.0.3, =1.15.2, =2.0.0, =0.2.0, =2.0.0, =0.8.2, =1.0.0b1, =1.1.3.0, =1.0.0.post2, =0.0.7, =0.3.2 and more Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...
Remote code execution
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...
abracadabra (>=0.0.0 <=0.0.5), ai-economist (>=1.0.0 <=1.1.1) +106 more potentially affected by CVE-2022-21699 via ipython (>=6.0.0 <=7.16.1)
ipython PYPI version =6.0.0, =0.0.0, =1.0.0, =0.1.2, =0.0.4, =1.0.2, =0.10.0, =1.0.0, =0.0.4, =1.0.0rc1, =20210206.0.0, =2.2.2b1, =0.1.0, =0.3.4, =0.1.0rc1, =1.0.2 - civis-compute =0.2.0 and more Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...
CVE-2022-21699
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...