[USN-5817-1] Setuptools vulnerability

David Fernandez Gonzalez Mon, 23 Jan 2023 03:43:15 -0800

==========================================================================
Ubuntu Security Notice USN-5817-1
January 23, 2023


python-setuptools, setuptools vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Setuptools could be made to crash if it received specially crafted input.

Software Description:
- python-setuptools: Python Distutils Enhancements
- setuptools: Python Distutils Enhancements

Details:

Sebastian Chnelik discovered that setuptools incorrectly handled
certain regex inputs. An attacker could possibly use this issue
to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  pypy-setuptools                 44.1.1-1.2ubuntu0.22.10.1
  python-setuptools               44.1.1-1.2ubuntu0.22.10.1
  python3-setuptools              59.6.0-1.2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  pypy-setuptools                 44.1.1-1.2ubuntu0.22.04.1
  python-setuptools               44.1.1-1.2ubuntu0.22.04.1
  python3-setuptools              59.6.0-1.2ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  pypy-setuptools                 44.0.0-2ubuntu0.1
  python-setuptools               44.0.0-2ubuntu0.1
  python3-setuptools              45.2.0-1ubuntu0.1

Ubuntu 18.04 LTS:
  pypy-setuptools                 39.0.1-2ubuntu0.1
  python-setuptools               39.0.1-2ubuntu0.1
  python3-setuptools              39.0.1-2ubuntu0.1

Ubuntu 16.04 ESM:
  pypy-setuptools                 20.7.0-1ubuntu0.1~esm1
  python-setuptools               20.7.0-1ubuntu0.1~esm1
  python3-setuptools              20.7.0-1ubuntu0.1~esm1

Ubuntu 14.04 ESM:
  python-setuptools               3.3-1ubuntu2+esm1
  python3-setuptools              3.3-1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5817-1
  CVE-2022-40897

Package Information:
https://launchpad.net/ubuntu/+source/python-setuptools/44.1.1-1.2ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/setuptools/59.6.0-1.2ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/python-setuptools/44.1.1-1.2ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/setuptools/59.6.0-1.2ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/python-setuptools/44.0.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/setuptools/45.2.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-setuptools/39.0.1-2ubuntu0.1

OpenPGP_0x86A73CCF854ECB9A.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature

[USN-5817-1] Setuptools vulnerability

Reply via email to