Lucene search

K
ubuntuUbuntuUSN-5342-3
HistoryMay 23, 2022 - 12:00 a.m.

Python vulnerability

2022-05-2300:00:00
ubuntu.com
33
python vulnerability
ubuntu 18.04 esm
cve-2021-3426
ftp requests
cve-2021-4189
cve-2022-0391
sensitive information
arbitrary code
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

59.5%

Releases

  • Ubuntu 18.04 ESM

Packages

  • python3.7 - An interactive high-level object-oriented language

Details

USN-5342-1 fixed several vulnerabilities in Python. This update provides
the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM.

Original advisory details:

David Schwörer discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)

It was discovered that Python incorrectly handled certain FTP requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
(CVE-2021-4189)

It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-0391)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchpython3.7-minimal< 3.7.5-2ubuntu1~18.04.2+esm1UNKNOWN
Ubuntu18.04noarchidle-python3.7< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7-dbg< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7-dev< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7-minimal< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7-stdlib< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchlibpython3.7-testsuite< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchpython3.7< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Ubuntu18.04noarchpython3.7-dbg< 3.7.5-2ubuntu1~18.04.2UNKNOWN
Rows per page:
1-10 of 161

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

59.5%