[USN-7356-1] uriparser vulnerabilities
[USN-7355-1] RestrictedPython vulnerabilities
[USN-7356-1] uriparser vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7356-1
March 19, 2025
uriparser vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in uriparser.
Software Description:
- uriparser: Strictly RFC 3986 compliant URI parsing library
Details:
It was discovered that uriparser did not correctly handle certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2024-34402, CVE-2024-34403)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
liburiparser1 0.9.7+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
liburiparser1 0.9.6+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
liburiparser1 0.9.3-2ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
liburiparser1 0.8.4-1+deb9u2ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
liburiparser1 0.8.4-1ubuntu0.16.04.1~esm4
Available with Ubuntu Pro
Ubuntu 14.04 LTS
liburiparser1 0.7.5-1ubuntu2+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7356-1
CVE-2024-34402, CVE-2024-34403
[USN-7355-1] RestrictedPython vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7355-1
March 18, 2025
restrictedpython vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in RestrictedPython.
Software Description:
- restrictedpython: Restricted execution environment for Python 3
Details:
Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not
properly sanitize certain inputs. An attacker could possibly use this
issue to execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271)
Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that
RestrictedPython did not correctly handle certain format strings. An
attacker could possibly use this issue to leak sensitive information.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-41039)
It was discovered that RestrictedPython did not correctly restrict access
to certain fields. An attacker could possibly use this issue to leak
sensitive information. (CVE-2024-47532)
It was discovered that RestrictedPython contained a type confusion
vulnerability. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-22153)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
python3-restrictedpython 6.2-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
python3-restrictedpython 6.2-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python3-restrictedpython 4.0~b3-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python3-restrictedpython 4.0~b3-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7355-1
CVE-2023-37271, CVE-2023-41039, CVE-2024-47532, CVE-2025-22153
Package Information:
https://launchpad.net/ubuntu/+source/restrictedpython/6.2-1ubuntu0.24.10.1
