USN-7348-2: Python regression

Read Time:57 Second

USN-7348-1 fixed vulnerabilities in Python. The update introduced a
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)

It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)

It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)

It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)

SecurityScorecard Observes Surge in Third-Party Breaches

Threat Actors Abuse Trust in Cloud Collaboration Platforms

Malicious npm Packages Deliver Sophisticated Reverse Shells

ETSI Publishes New Quantum-Safe Encryption Standards

AI Data Poisoning

ENISA Probes Space Threat Landscape in New Report

UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats

New Android Malware Uses .NET MAUI to Evade Detection

Cybercriminals Use Atlantis AIO to Target 140+ Platforms

Apache Tomcat RCE

USN-7375-1: Org Mode vulnerabilities

USN-7374-1: containerd vulnerability

exim-4.98.2-1.el8

exim-4.98.2-1.el9

exim-4.98.2-1.fc40