Canonical has released critical security updates to address two vulnerabilities in Python, a popular programming language. These vulnerabilities pose significant risks to systems running Python, and it is crucial to apply the necessary updates to secure your Ubuntu systems.
Python Vulnerabilities 2024
CVE-2024-0397
A memory race condition was discovered in the Python SSL module. This issue arises when handling the APIs to obtain CA certificates and certificate store statistics. The memory race condition could lead to applications obtaining incorrect results, which might result in various SSL issues, potentially compromising the security of encrypted communications.
CVE-2024-4032
The Python ipaddress module was found to contain incorrect information about which IP address ranges are considered “private” or “globally reachable.” This flaw could lead to applications applying incorrect security policies, potentially exposing systems to unauthorized access or other security breaches.
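An added example, not code from the original post, from Canonical or from the Python project: a behavior probe that reports whether the running interpreter's ipaddress module still gives pre-fix answers for CVE-2024-4032, which is useful because a distribution-patched package can keep its upstream version number. The probe addresses and expected answers follow the change notes in the ipaddress documentation; `table_classifier`, `PRE_FIX` and `POST_FIX` are hypothetical names built on constructed tables that cover only the probe ranges.

```python
import ipaddress

# Addresses whose is_private answer changed with the CVE-2024-4032 fix,
# mapped to the corrected answer (per the ipaddress documentation's change notes).
PROBES = {
    "192.0.0.8": True,     # 192.0.0.0/24 is private, not only 192.0.0.0/29
    "64:ff9b:1::1": True,  # 64:ff9b:1::/48 is private
    "2002::1": True,       # 2002::/16 is private
    "2001:1::1": False,    # carved out of the private 2001::/23 block
}


def stdlib_is_private(text):
    """Classification as reported by the interpreter under test."""
    return ipaddress.ip_address(text).is_private


def table_classifier(private, exceptions=()):
    """Build an is_private function from explicit CIDR lists (hypothetical helper)."""
    nets = [ipaddress.ip_network(n) for n in private]
    holes = [ipaddress.ip_network(n) for n in exceptions]

    def is_private(text):
        addr = ipaddress.ip_address(text)
        # Containment is False across IP versions, so mixed lists are safe.
        return any(addr in n for n in nets) and not any(addr in h for h in holes)

    return is_private


def misclassified(classify=stdlib_is_private):
    """Return the probe addresses that `classify` still gets wrong."""
    return sorted(a for a, want in PROBES.items() if classify(a) != want)


# Constructed tables covering only the probe ranges, for exercising the check.
PRE_FIX = table_classifier(["192.0.0.0/29", "2001::/23"])
POST_FIX = table_classifier(
    ["192.0.0.0/24", "64:ff9b:1::/48", "2002::/16", "2001::/23"],
    exceptions=["2001:1::1/128"],
)

if __name__ == "__main__":
    wrong = misclassified()
    print("ipaddress looks patched" if not wrong else f"still misclassified: {wrong}")
```

An application that cannot be updated immediately can pass its own table-backed classifier to its policy code instead of relying on `is_private`.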
How To Stay Secure
To protect your Ubuntu systems, it is essential to apply the patches provided by Canonical by updating your Python package to the latest version. A standard system update will implement all necessary changes to secure your system. Canonical has released updates for supported Ubuntu releases, including Ubuntu 24.04, Ubuntu 22.04, and Ubuntu 20.04.
Also, it is important to note that many organizations still rely on older releases like Ubuntu 16.04 and Ubuntu 18.04, which no longer receive official security support. To address this challenge, TuxCare offers Extended Lifecycle Support (ELS), providing security patching for various end-of-life Linux distributions. This includes Ubuntu 16.04 and 18.04, as well as CentOS (6, 7, and 8), CentOS Stream 8, and Oracle Linux 6.
By leveraging TuxCare’s ELS, organizations can ensure continued security for their legacy systems while planning for a migration to supported versions. This approach helps maintain compliance and protect critical infrastructure from vulnerabilities.
Conclusion
The discovery of Python vulnerabilities highlights the importance of keeping software up to date and applying security patches promptly. Organizations running Python on their Linux systems must take immediate action to apply essential updates to safeguard their environments. Additionally, for those relying on older, unsupported distributions, Extended Lifecycle Support offers a valuable solution to maintain security and compliance.
Source: USN-6928-1
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/two-python-vulnerabilities-addressed-in-ubuntu/