First published: Thu Nov 03 2022(Updated: )
Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3.10 | <3.10.7-1ubuntu0.1 | 3.10.7-1ubuntu0.1 |
Ubuntu Ubuntu | =22.10 | |
All of | ||
ubuntu/python3.10-minimal | <3.10.7-1ubuntu0.1 | 3.10.7-1ubuntu0.1 |
Ubuntu Ubuntu | =22.10 | |
All of | ||
ubuntu/python3.10 | <3.10.6-1~22.04.1 | 3.10.6-1~22.04.1 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/python3.10-minimal | <3.10.6-1~22.04.1 | 3.10.6-1~22.04.1 |
Ubuntu Ubuntu | =22.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Python vulnerability is USN-5713-1.
The Python vulnerability allows a local attacker to execute arbitrary code and escalate privileges by exploiting an issue in the way sockets are handled when the multiprocessing module is being used.
This vulnerability affects Python versions 3.10.7-1ubuntu0.1 and 3.10.6-1~22.04.1.
To fix this vulnerability, update Python to version 3.10.7-1ubuntu0.1.
You can find more information about this vulnerability on the Ubuntu security website referenced in USN-5888-1 and CVE-2022-42919.