Two Python Vulnerabilities Addressed in Ubuntu - CVE-2024-0397
Canonical has released updates to address two critical vulnerabilities in Python for Ubuntu systems, specifically CVE-2024-0397 and CVE-2024-4032. The first involves a memory race condition in the Python SSL module that could compromise encrypted communications, while the second concerns the Python ipaddress module's incorrect categorization of IP address ranges, leading to potential unauthorized access. Users are strongly advised to update their Python packages to the latest version through a standard system update. This is especially important for organizations using older Ubuntu releases like 16.04 and 18.04, which no longer receive official security support. TuxCare's Extended Lifecycle Support (ELS) offers security patching for these legacy systems, aiding in compliance and protection against vulnerabilities while planning for migration to supported versions.
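
For the ipaddress issue (CVE-2024-4032) described above, the following added example (not part of the original article and not code from Python or Ubuntu) checks whether a given interpreter still misclassifies address ranges. The probe addresses and their expected values are an assumption taken from the CPython ipaddress documentation's note on the correction, and all function names are hypothetical.

```python
import ipaddress

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Constructed probes: (address, is_private value after the fix). Expected values
# follow the CPython ipaddress documentation's note on this correction
# (an assumption brought in here; the ranges are not listed on this page).
PROBES = [
    ("192.0.0.8", True),      # in 192.0.0.0/24 but outside the old 192.0.0.0/29
    ("192.0.0.9", False),     # exception inside 192.0.0.0/24
    ("192.0.0.10", False),    # exception inside 192.0.0.0/24
    ("64:ff9b:1::1", True),   # 64:ff9b:1::/48
    ("2002::1", True),        # 2002::/16
    ("10.0.0.1", True),       # control: RFC 1918 space
    ("8.8.8.8", False),       # control: ordinary public address
]

# Explicit tables covering only the probed ranges (not a full IANA registry).
REF_PRIVATE = _nets("10.0.0.0/8", "192.0.0.0/24", "64:ff9b:1::/48", "2002::/16")
REF_EXCEPTIONS = _nets("192.0.0.9/32", "192.0.0.10/32")
STALE_PRIVATE = _nets("10.0.0.0/8", "192.0.0.0/29")  # constructed pre-fix view

def stdlib_is_private(addr):
    """What the running interpreter's ipaddress module says."""
    return ipaddress.ip_address(addr).is_private

def reference_is_private(addr):
    """Version-independent answer: private block minus carved-out exceptions."""
    ip = ipaddress.ip_address(addr)
    in_block = any(ip in n for n in REF_PRIVATE)
    return in_block and not any(ip in n for n in REF_EXCEPTIONS)

def stale_is_private(addr):
    """Constructed stand-in for an unpatched module, for comparison."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in STALE_PRIVATE)

def audit(classifier=stdlib_is_private):
    """Return (address, expected, got) for each probe the classifier gets wrong."""
    results = [(a, exp, classifier(a)) for a, exp in PROBES]
    return [r for r in results if r[1] != r[2]]

if __name__ == "__main__":
    wrong = audit()
    for addr, exp, got in wrong:
        print(f"MISCLASSIFIED {addr}: is_private={got}, expected {exp}")
    print("ipaddress tables look corrected" if not wrong else "update Python")
```

Run as a script on each host or container image; any MISCLASSIFIED line means code on that interpreter that gates access on is_private or is_global is working from the old tables.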