SB20240711142 - Ubuntu update for python3.10 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20240711142

SB20240711142 - Ubuntu update for python3.10

Published: July 11, 2024 Updated: November 15, 2024

Security Bulletin ID SB20240711142
Severity
High
Patch available
YES
Number of vulnerabilities 41
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 7% Medium 71% Low 22%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 41 secuirty vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2015-20107)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.



2) Improper input validation (CVE-ID: CVE-2018-1060)

The vulnerability allows a remote attacker to cause DoS condition on he target system.

The weakness exists due to the way catastrophic backtracking was implemented in apop() method in pop3lib. A remote attacker can cause the service to crash.

3) Improper input validation (CVE-ID: CVE-2018-1061)

The vulnerability allows a remote attacker to cause DoS condition on he target system.

The weakness exists due to the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method difflib. A remote attacker can cause the service to crash.

4) XXE attack (CVE-ID: CVE-2018-14647)

The vulnerability allows a remote attacker to conduct XXE-attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input, trigger pathological hash collisions in Expat's internal data structures, consume large amounts CPU and RAM, and cause a denial of service (DoS) condition.


5) Integer overflow (CVE-ID: CVE-2018-20406)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to integer overflow in modules/_pickle.c when processing a large LONG_BINPUT value during the "resize to twice the size" attempt. A remote attacker can supply overly large data, trigger integer overflow and exhaust all resources on the system.


6) Information disclosure (CVE-ID: CVE-2018-20852)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the "http.cookiejar.DefaultPolicy.domain_return_ok" in the "Lib/http/cookiejar.py" file returns incorrect results during cookie domain checks. A remote attacker can trick a victim to execute a program that uses the "http.cookiejar.DefaultPolicy" to make an HTTP connection to an attacker-controlled server with a hostname that has another valid hostname as a suffix.

Successful exploitation of this vulnerability can allow an attacker to gain unauthorized access to sensitive information on the system, such as existing cookies.

7) Input validation error (CVE-ID: CVE-2019-9636)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing data in Unicode encoding with an incorrect netloc during NFKC normalization. A remote attacker can gain access to sensitive information.


8) Input validation error (CVE-ID: CVE-2019-10160)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user and password parts of a URL. This issue exists due to incorrect patch for previous issue described in SB2019030811 (CVE-2019-9636). A remote attacker can gain access to sensitive information.


9) Input validation error (CVE-ID: CVE-2019-16056)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing multiple occurrences of the "@" character in an email address. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.


10) Cross-site scripting (CVE-ID: CVE-2019-16935)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing the server_title field in the XML-RPC server (Lib/DocXMLRPCServer.py) in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


11) Input validation error (CVE-ID: CVE-2019-17514)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.


12) CRLF injection (CVE-ID: CVE-2019-18348)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)


13) Infinite loop (CVE-ID: CVE-2019-20907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.


14) NULL pointer dereference (CVE-ID: CVE-2019-5010)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the X509 certificate parser of the affected software improperly handles X509 certificates with a certificate extension that uses a Certificate Revocation List (CRL) distribution point with empty distributionPoint and cRLIssuer fields. A remote attacker can send a request to initiate a Transport Layer Security (TLS) connection using an X509 certificate that submits malicious input, trigger a NULL pointer dereference condition that causes the application to crash, resulting in a DoS condition.


15) Resource exhaustion (CVE-ID: CVE-2019-9674)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Lib/zipfile.py in Python when processing ZIP archives. A remote attacker can pass a specially crafted .zip archive to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


16) CRLF injection (CVE-ID: CVE-2019-9740)

The vulnerability allows a remote attacker to perform CRLF injection attacks.

The vulnerability exists within urllib2 implementation for Python 2.x and urllib3 implementation for Python 3.x when processing the path component of a URL after the "?" character within the urllib.request.urlopen() call. A remote attacker with ability to control URL, passed to the application, can use CRLF sequences to split the HTTP request and inject arbitrary HTTP headers into request, made by the application.


17) CRLF injection (CVE-ID: CVE-2019-9947)

The vulnerability allows a remote attacker to perform CRLF injection attacks.

The vulnerability exists within urllib2 implementation for Python 2.x and urllib3 implementation for Python 3.x when processing the path component of a URL that lacks the "?" character within the urllib.request.urlopen() call. A remote attacker with ability to control URL, passed to the application, can use CRLF sequences to split the HTTP request and inject arbitrary HTTP headers into request, made by the application.


18) Exposed dangerous method or function (CVE-ID: CVE-2019-9948)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to urllib implementation in Python 2.x supports the local_file: scheme. An attacker with ability to control input data, such as URL, can bypass protection mechanisms that blacklist file: URIs and view contents of arbitrary file on the system.

PoC: 

urllib.urlopen('local_file:///etc/passwd')

19) Resource exhaustion (CVE-ID: CVE-2020-14422)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.


20) CRLF injection (CVE-ID: CVE-2020-26116)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


21) Code Injection (CVE-ID: CVE-2020-27619)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to Python executed eval() function on the code, retrieved via HTTP protocol in Lib/test/multibytecodec_support.py CJK codec tests. A remote attacker with ability to intercept network traffic can perform a Man-in-the-Middle (MitM) attack and execute arbitrary Python code on the system.


22) Buffer overflow (CVE-ID: CVE-2021-3177)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary within the PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to the Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


23) Resource management error (CVE-ID: CVE-2020-8492)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in urllib.request.AbstractBasicAuthHandler when processing HTTP responses. A remote attacker who controls a HTTP server can send a specially crafted HTTP response to the client application and conduct Regular Expression Denial of Service (ReDoS) attack.


24) Improper input validation (CVE-ID: CVE-2021-29921)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Python interpreter and runtime (CPython) component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.


25) Improper input validation (CVE-ID: CVE-2021-3426)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Binding Support Function (Python) component in Oracle Communications Cloud Native Core Binding Support Function. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


26) Resource management error (CVE-ID: CVE-2021-3733)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application within the AbstractBasicAuthHandler class in urllib. A remote attacker with control over the server can perform regular expression denial of service attack during authentication.


27) Infinite loop (CVE-ID: CVE-2021-3737)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.


28) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-4189)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server, trick the FTP client in Python into connecting back to a given IP address and port, which can lead to FTP client scanning ports which otherwise would not have been possible.


29) CRLF injection (CVE-ID: CVE-2022-0391)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


30) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42919)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Python multiprocessing library, when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine.A local user can execute arbitrary code with privileges of the user running the any forkserver process.


31) Resource exhaustion (CVE-ID: CVE-2022-45061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.


32) Input validation error (CVE-ID: CVE-2023-24329)

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.


33) Use-after-free (CVE-ID: CVE-2022-48560)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to use-after-free exists via heappushpop in heapq. A remote attacker can trigger the vulnerability to perform a denial of service attack.


34) Resource exhaustion (CVE-ID: CVE-2022-48564)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when processing malformed Apple Property List files in binary format. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


35) XML External Entity injection (CVE-ID: CVE-2022-48565)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input within the plistlib module. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.


36) Race condition (CVE-ID: CVE-2022-48566)

The vulnerability allows a remote attacker to gain access to sensitive information,

The vulnerability exists due to a race condition in compare_digest in Lib/hmac.py. A remote attacker can exploit the race and gain unauthorized access to sensitive information.


37) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.


38) Path traversal (CVE-ID: CVE-2023-41105)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


39) Improper input validation (CVE-ID: CVE-2023-6507)

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Third Party (Python) component in Oracle Communications Cloud Native Core Network Data Analytics Function. A remote privileged user can exploit this vulnerability to manipulate data.


40) UNIX symbolic link following (CVE-ID: CVE-2023-6597)

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.


41) Resource exhaustion (CVE-ID: CVE-2024-0450)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References