
Ubuntu alert USN-7216-1 (tqdm)

From:  Nico Campuzano <nicolas.campuzano@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7216-1] tqdm vulnerability
Date:  Thu, 16 Jan 2025 18:28:05 -0500
Message-ID:  <3cb6ffb6-e6a1-487c-adb7-e205b817704a@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7216-1
January 16, 2025

tqdm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

tqdm could be made to crash or to allow arbitrary code execution if it
received specially crafted input.

Software Description:
- tqdm: fast, extensible progress bar for Python 3 and CLI tool

Details:

It was discovered that tqdm did not properly sanitize non-boolean CLI
arguments. A local attacker could possibly use this issue to execute
arbitrary code on the host. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2024-34062)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-tqdm                    4.66.2-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-tqdm                    4.57.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7216-1
  CVE-2024-34062
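A check for the update instructions above, as an added example that is not part of the original notice: it compares an installed python3-tqdm version against the fixed versions listed in this USN using dpkg-style version ordering, including the `~` rule that the `~esm` suffix depends on. The function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed python3-tqdm versions per Ubuntu release, copied from USN-7216-1.
FIXED = {
    "24.04": "4.66.2-2ubuntu0.1~esm1",
    "22.04": "4.57.0-2ubuntu0.1~esm2",
}

def _order(ch):
    # dpkg ordering inside a non-digit run: '~' sorts before everything
    # (even the end of the run), then letters, then all other characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Alternating (non-digit run, number) pairs; the trailing 0 in each
    # run stands for "end of run" so that '~' (-1) sorts below it.
    key = []
    for text, num in re.findall(r"(\D*)(\d*)", part):
        key.append([_order(c) for c in text] + [0])
        key.append(int(num or 0))
    return key

def debian_key(version):
    # Layout: [epoch:]upstream[-revision]; a missing revision counts as "0".
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(release, installed):
    """True if `installed` is at or above the fixed version for `release`."""
    return debian_key(installed) >= debian_key(FIXED[release])

# Constructed sample inventory (release, installed version). On a real host
# the version string comes from:
#   dpkg-query -W -f='${Version}' python3-tqdm
SAMPLE_HOSTS = [
    ("24.04", "4.66.2-2"),
    ("24.04", "4.66.2-2ubuntu0.1~esm1"),
    ("22.04", "4.57.0-2ubuntu0.1~esm1"),
    ("22.04", "4.57.0-2ubuntu0.1~esm2"),
]

if __name__ == "__main__":
    for release, version in SAMPLE_HOSTS:
        state = "patched" if is_patched(release, version) else "NEEDS UPDATE"
        print(f"Ubuntu {release}  python3-tqdm {version}: {state}")
```

A plain string comparison gets the `~esm` suffix wrong: under dpkg ordering `2ubuntu0.1~esm1` sorts before `2ubuntu0.1`, which is why the comparison is done on parsed keys.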


Attachment: OpenPGP_0x945CCA55E4D641EE.asc (type=application/pgp-keys)



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)




