USN-6513-2

Advisory lineage Upstream: 2 Downstream: 0
Published: 27 Nov 2023, 18:11
Last modified:27 Apr 2026, 16:58

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Nov 2023, 18:11
Published
Vulnerability first disclosed
27 Apr 2026, 16:58
Last Modified
Vulnerability information updated

Description

python3.8, python3.10, python3.11 vulnerability USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564) It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)

Affected Systems

  • ubuntupython3.10

    < 3.10.12-1~22.04.3

  • ubuntupython3.8

    < 3.8.10-0ubuntu1~20.04.9

References (2)