- Vulnerability/
- USN-6139-1
USN-6139-1: Python vulnerability
First published: Mon Jun 05 2023(Updated: )
Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. (CVE-2023-24329)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3.11 | <3.11.2-6ubuntu0.1 | 3.11.2-6ubuntu0.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/python3.10 | <3.10.7-1ubuntu0.4 | 3.10.7-1ubuntu0.4 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/python3.10 | <3.10.6-1~22.04.2ubuntu1.1 | 3.10.6-1~22.04.2ubuntu1.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/python3.8 | <3.8.10-0ubuntu1~20.04.8 | 3.8.10-0ubuntu1~20.04.8 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/python2.7 | <2.7.17-1~18.04ubuntu1.13 | 2.7.17-1~18.04ubuntu1.13 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python3.6 | <3.6.9-1~18.04ubuntu1.13 | 3.6.9-1~18.04ubuntu1.13 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.18+esm5 | 2.7.12-1ubuntu0~16.04.18+esm5 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/python3.5 | <3.5.2-2ubuntu0~16.04.13+esm8 | 3.5.2-2ubuntu0~16.04.13+esm8 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/python2.7 | <2.7.6-8ubuntu0.6+esm15 | 2.7.6-8ubuntu0.6+esm15 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-24329
- https://ubuntu.com/security/notices/USN-5888-1
- https://ubuntu.com/security/notices/USN-5960-1
- https://ubuntu.com/security/notices/USN-6891-1
- https://launchpad.net/ubuntu/+source/python3.11/3.11.2-6ubuntu0.1
- https://launchpad.net/ubuntu/+source/python3.10/3.10.7-1ubuntu0.4
- https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04.2ubuntu1.1
- https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.8
- https://ubuntu.com/security/notices/USN-6139-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Python vulnerability?
The vulnerability ID for this Python vulnerability is CVE-2023-24329.
What is the severity of USN-6139-1?
The severity of USN-6139-1 is not specified in the information provided.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by using certain URLs to bypass blockinglisting methods.
Which versions of Python are affected by this vulnerability?
Versions 3.11.2-6ubuntu0.1, 3.10.7-1ubuntu0.4, 3.10.6-1~22.04.2ubuntu1.1, 3.8.10-0ubuntu1~20.04.8, 2.7.17-1~18.04ubuntu1.13, 3.6.9-1~18.04ubuntu1.13, 2.7.12-1ubuntu0~16.04.18+esm5, 3.5.2-2ubuntu0~16.04.13+esm8, and 2.7.6-8ubuntu0.6+esm15 of Python are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update Python to version 3.11.2-6ubuntu0.1, 3.10.7-1ubuntu0.4, 3.10.6-1~22.04.2ubuntu1.1, 3.8.10-0ubuntu1~20.04.8, 2.7.17-1~18.04ubuntu1.13, 3.6.9-1~18.04ubuntu1.13, 2.7.12-1ubuntu0~16.04.18+esm5, 3.5.2-2ubuntu0~16.04.13+esm8, or 2.7.6-8ubuntu0.6+esm15, depending on the version you are using.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/description
- agent/event
- collector/usn
- source/Ubuntu
- anchor-related/USN-5888-1
- anchor-related/USN-5960-1
- anchor-related/USN-6891-1
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04