USN-7348-1: Python vulnerabilities

Read Time:50 Second

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)

It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)

It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)

It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

USN-7348-1: Python vulnerabilities

USN-7455-4: Linux kernel (Oracle) vulnerabilities

ZDI-CAN-26945: NI

Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)

chromium-135.0.7049.114-1.fc41

chromium-135.0.7049.114-1.el10_1

chromium-135.0.7049.114-1.fc42