Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7348-2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.12.2025.7348.2

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-7348-2)

Resumen: The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-2 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-2 advisory.

Vulnerability Insight:
USN-7348-1 fixed vulnerabilities in Python. The update introduced a
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered 'private' or
'globally reachable'. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)

It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)

It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)

It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)

Affected Software/OS:
'python3.5, python3.8' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2025-0938

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7348.2
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7348-2)
Resumen:	The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-2 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python3.5, python3.8' package(s) announced via the USN-7348-2 advisory. Vulnerability Insight: USN-7348-1 fixed vulnerabilities in Python. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered 'private' or 'globally reachable'. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-11168) It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938) Affected Software/OS: 'python3.5, python3.8' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2025-0938
Copyright	Copyright (C) 2025 Greenbone AG