Lucene search

K
ubuntuUbuntuUSN-5342-2
HistoryAug 24, 2022 - 12:00 a.m.

Python vulnerabilities

2022-08-2400:00:00
ubuntu.com
154
ubuntu
python
vulnerabilities
ftp
sensitive information
arbitrary code
cve-2021-4189
cve-2022-0391

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8

Confidence

Low

EPSS

0.002

Percentile

59.5%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 14.04 ESM

Packages

  • python2.7 - An interactive high-level object-oriented language

Details

USN-5342-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and
Ubuntu 22.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain FTP requests.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2021-4189)

It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-0391)

Rows per page:
1-10 of 481

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8

Confidence

Low

EPSS

0.002

Percentile

59.5%