First published: Thu Sep 07 2023
It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure.
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/libpython2.7 | 18.04 | <2.7.17-1~18.04ubuntu1.13+esm1 | 2.7.17-1~18.04ubuntu1.13+esm1 |
ubuntu/libpython2.7-stdlib | 18.04 | <2.7.17-1~18.04ubuntu1.13+esm1 | 2.7.17-1~18.04ubuntu1.13+esm1 |
ubuntu/python2.7 | 18.04 | <2.7.17-1~18.04ubuntu1.13+esm1 | 2.7.17-1~18.04ubuntu1.13+esm1 |
ubuntu/python2.7-minimal | 18.04 | <2.7.17-1~18.04ubuntu1.13+esm1 | 2.7.17-1~18.04ubuntu1.13+esm1 |
ubuntu/libpython2.7 | 16.04 | <2.7.12-1ubuntu0~16.04.18+esm6 | 2.7.12-1ubuntu0~16.04.18+esm6 |
ubuntu/libpython2.7-stdlib | 16.04 | <2.7.12-1ubuntu0~16.04.18+esm6 | 2.7.12-1ubuntu0~16.04.18+esm6 |
ubuntu/libpython3.5 | 16.04 | <3.5.2-2ubuntu0~16.04.13+esm9 | 3.5.2-2ubuntu0~16.04.13+esm9 |
ubuntu/libpython3.5-stdlib | 16.04 | <3.5.2-2ubuntu0~16.04.13+esm9 | 3.5.2-2ubuntu0~16.04.13+esm9 |
ubuntu/python2.7 | 16.04 | <2.7.12-1ubuntu0~16.04.18+esm6 | 2.7.12-1ubuntu0~16.04.18+esm6 |
ubuntu/python2.7-minimal | 16.04 | <2.7.12-1ubuntu0~16.04.18+esm6 | 2.7.12-1ubuntu0~16.04.18+esm6 |
ubuntu/python3.5 | 16.04 | <3.5.2-2ubuntu0~16.04.13+esm9 | 3.5.2-2ubuntu0~16.04.13+esm9 |
ubuntu/python3.5-minimal | 16.04 | <3.5.2-2ubuntu0~16.04.13+esm9 | 3.5.2-2ubuntu0~16.04.13+esm9 |
ubuntu/libpython2.7 | 14.04 | <2.7.6-8ubuntu0.6+esm16 | 2.7.6-8ubuntu0.6+esm16 |
ubuntu/libpython2.7-stdlib | 14.04 | <2.7.6-8ubuntu0.6+esm16 | 2.7.6-8ubuntu0.6+esm16 |
ubuntu/python2.7 | 14.04 | <2.7.6-8ubuntu0.6+esm16 | 2.7.6-8ubuntu0.6+esm16 |
ubuntu/python2.7-minimal | 14.04 | <2.7.6-8ubuntu0.6+esm16 | 2.7.6-8ubuntu0.6+esm16 |
The vulnerability ID is USN-6354-1.
This page does not specify a severity for USN-6354-1.
The software affected by USN-6354-1 includes libpython2.7, libpython2.7-stdlib, python2.7, python2.7-minimal, libpython3.5, libpython3.5-stdlib, python3.5, and python3.5-minimal.
An attacker could exploit the vulnerability described in USN-6354-1 by performing an XML External Entity (XXE) injection using XML entity declarations in plist files.
To fix USN-6354-1, update each affected package to the fixed version listed for it in the table above.