Ubuntu Security Notice USN-6780-1

Ubuntu Security Notice USN-6780-1: Posted May 21, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2024-3651; SHA-256 | bbb048cf814f6806a645c6dc9c2a5fdd98efe4048d43ea84e67590f8f5bad561; Download | Favorite | View

Ubuntu Security Notice USN-6780-1

==========================================================================
Ubuntu Security Notice USN-6780-1
May 21, 2024

python-idna vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

idna could be made to consume significant resources if it receives a specially crafted input.

Software Description:
- python-idna: Python IDNA2008 (RFC 5891) handling

Details:

Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   python3-idna                    3.6-2ubuntu0.1

Ubuntu 23.10
   python3-idna                    3.3-2ubuntu0.1

Ubuntu 22.04 LTS
   python3-idna                    3.3-1ubuntu0.1

Ubuntu 20.04 LTS
   python-idna                     2.8-1ubuntu0.1
   python3-idna                    2.8-1ubuntu0.1

Ubuntu 18.04 LTS
   pypy-idna                       2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python-idna                     2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python3-idna                    2.6-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   pypy-idna                       2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python-idna                     2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   python3-idna                    2.0-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6780-1
   CVE-2024-3651

Package Information:
   https://launchpad.net/ubuntu/+source/python-idna/3.6-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/3.3-2ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/3.3-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/python-idna/2.8-1ubuntu0.1

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-6780-1

Ubuntu Security Notice USN-6780-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6780-1

Share This

Ubuntu Security Notice USN-6780-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems