Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5065-1] ipython security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5065-1] ipython security update


Chronologisch Thread 
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5065-1] ipython security update
  • Date: Mon, 31 Jan 2022 19:51:25 +0000
  • List-archive: https://lists.debian.org/msgid-search/20220131195125.GA28845 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=PRnhIJYwBoP+CW3n1ZheEiqUsmw+Djjl6EGdF9U+P3E=; b=am WkaQ66kykVAcQKELqzkBM2Cmu5Jx32R25R1PNOf34Dcmrhm58e5RCao9srFOentzzh+UpnCah0NiY qHZzRPJj2B9bUQz4v29zBN41Y4rDmZ1tOkh9VCZSdHnU9rvrJSvfJCVEybKiYfnrYjM6G2mzH/ZAg Pyr/id6aqAnbbKHdlU/t4Ie0wuoPDL16NGBLw8GGXPzKFC8n9pOevJpf0oEsGrGGSGU0KjtpEMaAx g26Y+6n9NTds9n4V55jQFMYn62Tf8RjKrpe2YPUqKzyc4fFx3cHSMuuqkuPCqiSO67cXEnH+iWfbY ptrqmoSSb36ra0DP8QrCa7z5/M4xY4+g==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 31 Jan 2022 19:51:41 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <_hxjZNnwPtJ.A.ugE.M3D-hB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5065-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ipython
CVE ID : CVE-2022-21699

It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.

For the oldstable distribution (buster), this problem has been fixed
in version 5.8.0-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 7.20.0-1+deb11u1.

We recommend that you upgrade your ipython packages.

For the detailed security status of ipython please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ipython

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmH4PYgACgkQEMKTtsN8
TjY8vw//d1FA/8Q7ysEl6ztpU7bDmJ+xQ3zKKL/N7usjY4WxDSxzdiSfSdzQNSLC
DZEUezNCB4Y7ojBuH4I1bvf7aHTTetGTBqgdqlZ9hEdTxSrkkz2u1HyzkyxUlhfj
Zt+SnSX2xckcRHv1jV0bv45h1Mv1WPNm6yeixVVTZ3KBYMwzax44yWKji4iPa9r2
uEECeStNONAC+h4bs10FQBN5FvcNlj047ocUkuZUzCKp6eEhOlpDYCY45Hhf2HNI
IQ3Kh5a2vulXugUGo9zduxvnkJmSMzITc4Y8aIXnbZKqGl04Xg4FoAt4oe5+Z3tS
Ug+BvIAlDHzuevI4ghnLe/QJ+uDYcmmEB1dotiCb1BQrGAZ8XDGFkh3nR+Vxw4OO
l4BgjMAY14MrpWrcViwUEiAY3f3OuYnDoCPmWDuNyC1z5d33NIVEBmbqk/6jmaNR
wNAHLktw5LA4v9LlpAUae0qBu6N0rl+CJVgazZGMTfXmnWDy2YZRtBtD1jd6FjDw
3+uAl4XldXxOAGJONBT/izdY2te1xPupTKCDZK4jdAvvp+SoP+cG8m1BHv3x6rGF
/kQJJZl4Tqd+83WTPBV4mHiSqs4Wb+yOPKWJLaIhOkcnLANq4MDMua/IVgBC+x/V
y6sd+3jJ93K/E6Qs2lhwThpt0CfylG1xnST43KZYBPe2lk4gf9Y=
=gyVd
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5065-1] ipython security update, Moritz Muehlenhoff, 31.01.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang