USN-5817-1: Setuptools vulnerability
23 January 2023
Setuptools could be made to crash if it received specially crafted input.
Releases
Packages
- python-setuptools - Python Distutils Enhancements
- setuptools - Python Distutils Enhancements
Details
Sebastian Chnelik discovered that setuptools incorrectly handled
certain regex inputs. An attacker could possibly use this issue
to cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
-
python-setuptools
-
44.1.1-1.2ubuntu0.22.10.1
-
pypy-setuptools
-
44.1.1-1.2ubuntu0.22.10.1
-
python3-setuptools
-
59.6.0-1.2ubuntu0.22.10.1
Ubuntu 22.04
-
python-setuptools
-
44.1.1-1.2ubuntu0.22.04.1
-
pypy-setuptools
-
44.1.1-1.2ubuntu0.22.04.1
-
python3-setuptools
-
59.6.0-1.2ubuntu0.22.04.1
Ubuntu 20.04
-
python-setuptools
-
44.0.0-2ubuntu0.1
-
pypy-setuptools
-
44.0.0-2ubuntu0.1
-
python3-setuptools
-
45.2.0-1ubuntu0.1
Ubuntu 18.04
-
python-setuptools
-
39.0.1-2ubuntu0.1
-
pypy-setuptools
-
39.0.1-2ubuntu0.1
-
python3-setuptools
-
39.0.1-2ubuntu0.1
Ubuntu 16.04
-
python-setuptools
-
20.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
pypy-setuptools
-
20.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python3-setuptools
-
20.7.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
python-setuptools
-
3.3-1ubuntu2+esm1
Available with Ubuntu Pro
-
python3-setuptools
-
3.3-1ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.