CVE-2023-6597
Publication date 19 March 2024
Last updated 29 July 2024
Ubuntu priority
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Mitigation
allenpthuang> https://bugs.python.org/issue26660
Status
Package | Ubuntu Release | Status |
---|---|---|
python2.7 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
python3.10 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Fixed 3.10.12-1~22.04.4
|
|
20.04 LTS focal | Not in release | |
python3.11 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal | Not in release | |
python3.12 | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
python3.4 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was needs-triage | |
python3.5 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Fixed 3.5.2-2ubuntu0~16.04.13+esm13
|
|
14.04 LTS trusty |
Not affected
|
|
python3.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
python3.7 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Fixed 3.7.5-2ubuntu1~18.04.2+esm3
|
|
python3.8 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 3.8.10-0ubuntu1~20.04.10
|
|
18.04 LTS bionic |
Fixed 3.8.0-3ubuntu1~18.04.2+esm2
|
|
python3.9 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Fixed 3.9.5-3ubuntu0~20.04.1+esm2
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
allenpthuang
this was introduced in https://github.com/python/cpython/pull/10320/commits/dcd67c568a477ddf7524e373ac266d2f087e5665
References
Related Ubuntu Security Notices (USN)
- USN-6891-1
- Python vulnerabilities
- 11 July 2024