|
|
Log in / Subscribe / Register

Ubuntu alert USN-7979-1 (jaraco.context)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7979-1] jaraco.context vulnerability


Date:
              Tue, 27 Jan 2026 16:42:53 +0000


Message-ID:
              <E1vkm9V-0007iO-Tq@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7979-1
January 27, 2026

jaraco.context vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10

Summary:

jaraco.context could be made to overwrite files.

Software Description:
- jaraco.context: context managers extending functionality of Python's contextlib

Details:

It was discovered that jaraco.context incorrectly handled certain zip file
paths. An attacker could possibly use this issue to extract arbitrary files
outside of the intented extraction directory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-jaraco.context          6.0.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7979-1
  CVE-2026-23949

Package Information:
  https://launchpad.net/ubuntu/+source/jaraco.context/6.0.1...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAml46soACgkQcpJm3tlz
hgFJMQ//Uaw3sdpN+q3QqJlhTq/Zf5Nivx+jkaVcxVYdc+9MZAemLhMAveZx7ZlJ
Ybz/bJthJcirUOgtDvVZzxK0+/iEdcE9thiyTr36xNxtQ3Vwi5tDhm+SKtb3Z5g/
CvizBopeaLkjJLeK1aTlMqM77MXI2O0zzIE6jt0NaCBbTYsbQ8MIwrvzUZsyqRwG
/QrYpC/7zQb3u+LGUTjByMKOTM+sNDP+WCEv5Kiu4KEZArgg0+rpddjsrcmhaSGX
Lt6qAmM0rq97UKNungUlhebXQ1WDcRcG0po+BLx7Y9QVziMSYpy6OEOA8/LeFDQQ
80jlbFq34wCXyjGEtAB3G+ZoZYNOhWve+wCNwXEQ3ADJSxbTa0B3nT4IedlXwdJ1
symN5WaaPIdZJMpGj7tuJfAnRp78PgjGDYjgn5PbNDTWAC277gDeoTckdybXh0WZ
Lsd0zf33W4x1B0pbg+ZyHa6QlKtuL94JwT2BNWmRwdV6/lkV3VoVfEe+vo2U7/QZ
lHRvT/lNJvqza5jdHWf26P8yAvZCH//ZIEDIxECMx8pwTyI5tV1w1S0QQS4Zom+a
xxV5c+99ov7eygzxZPXnGOYm216DdKnE8gT+gp+F8xhn91S4s4+IBjhSH183JP2K
m88S8QlM/8p1NM+2jj1/TPSbJ+GFBSgt016lW3WvUTTXrk+H3bU=
=OckB
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds