What is the vulnerability ID?

The vulnerability ID is USN-6354-1.

What is the severity of USN-6354-1?

The severity of USN-6354-1 is not specified in the provided information.

Which software is affected by USN-6354-1?

The software affected by USN-6354-1 includes libpython2.7, libpython2.7-stdlib, python2.7, python2.7-minimal, libpython3.5, libpython3.5-stdlib, python3.5, python3.5-minimal, libpython2.7, libpython2.7-stdlib, python2.7, and python2.7-minimal.

How can an attacker exploit USN-6354-1?

An attacker could exploit USN-6354-1 by performing an XML External Entity (XXE) injection using XML entity declarations in plist files.

How do I fix USN-6354-1?

To fix USN-6354-1, you should update the affected software to the version mentioned in the provided information.

Vulnerability/
USN-6354-1

7/9/2023

USN-6354-1: Python vulnerability

First published: Thu Sep 07 2023(Updated: )

It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure.

Affected Software	Affected Version	How to fix
All of
ubuntu/libpython2.7	<2.7.17-1~18.04ubuntu1.13+esm1	2.7.17-1~18.04ubuntu1.13+esm1
	=18.04
All of
ubuntu/libpython2.7-stdlib	<2.7.17-1~18.04ubuntu1.13+esm1	2.7.17-1~18.04ubuntu1.13+esm1
	=18.04
All of
ubuntu/python2.7	<2.7.17-1~18.04ubuntu1.13+esm1	2.7.17-1~18.04ubuntu1.13+esm1
	=18.04
All of
ubuntu/python2.7-minimal	<2.7.17-1~18.04ubuntu1.13+esm1	2.7.17-1~18.04ubuntu1.13+esm1
	=18.04
All of
ubuntu/libpython2.7	<2.7.12-1ubuntu0~16.04.18+esm6	2.7.12-1ubuntu0~16.04.18+esm6
	=16.04
All of
ubuntu/libpython2.7-stdlib	<2.7.12-1ubuntu0~16.04.18+esm6	2.7.12-1ubuntu0~16.04.18+esm6
	=16.04
All of
ubuntu/libpython3.5	<3.5.2-2ubuntu0~16.04.13+esm9	3.5.2-2ubuntu0~16.04.13+esm9
	=16.04
All of
ubuntu/libpython3.5-stdlib	<3.5.2-2ubuntu0~16.04.13+esm9	3.5.2-2ubuntu0~16.04.13+esm9
	=16.04
All of
ubuntu/python2.7	<2.7.12-1ubuntu0~16.04.18+esm6	2.7.12-1ubuntu0~16.04.18+esm6
	=16.04
All of
ubuntu/python2.7-minimal	<2.7.12-1ubuntu0~16.04.18+esm6	2.7.12-1ubuntu0~16.04.18+esm6
	=16.04
All of
ubuntu/python3.5	<3.5.2-2ubuntu0~16.04.13+esm9	3.5.2-2ubuntu0~16.04.13+esm9
	=16.04
All of
ubuntu/python3.5-minimal	<3.5.2-2ubuntu0~16.04.13+esm9	3.5.2-2ubuntu0~16.04.13+esm9
	=16.04
All of
ubuntu/libpython2.7	<2.7.6-8ubuntu0.6+esm16	2.7.6-8ubuntu0.6+esm16
	=14.04
All of
ubuntu/libpython2.7-stdlib	<2.7.6-8ubuntu0.6+esm16	2.7.6-8ubuntu0.6+esm16
	=14.04
All of
ubuntu/python2.7	<2.7.6-8ubuntu0.6+esm16	2.7.6-8ubuntu0.6+esm16
	=14.04
All of
ubuntu/python2.7-minimal	<2.7.6-8ubuntu0.6+esm16	2.7.6-8ubuntu0.6+esm16
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2022-48565

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is USN-6354-1.
What is the severity of USN-6354-1?
The severity of USN-6354-1 is not specified in the provided information.
Which software is affected by USN-6354-1?
The software affected by USN-6354-1 includes libpython2.7, libpython2.7-stdlib, python2.7, python2.7-minimal, libpython3.5, libpython3.5-stdlib, python3.5, python3.5-minimal, libpython2.7, libpython2.7-stdlib, python2.7, and python2.7-minimal.
How can an attacker exploit USN-6354-1?
An attacker could exploit USN-6354-1 by performing an XML External Entity (XXE) injection using XML entity declarations in plist files.
How do I fix USN-6354-1?
To fix USN-6354-1, you should update the affected software to the version mentioned in the provided information.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04