Ubuntu Security Notice USN-5526-2 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[14] Download^[15]

        =========================================================================
Ubuntu Security Notice USN-5526-2
August 17, 2022
pyjwt regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
USN-5526-1 introduced a regression in PyJWT.
Software Description:
- pyjwt: Python 3 implementation of JSON Web Token
Details:
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a
regression by incrementing the internal package version number on Ubuntu
22.04 LTS.  This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Aapo Oksman discovered that PyJWT incorrectly handled signatures
constructed from SSH public keys. A remote attacker could use this to forge
a JWT signature.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
python3-jwt                     2.3.0-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5526-2
https://ubuntu.com/security/notices/USN-5526-1
https://launchpad.net/bugs/1986487
Package Information:
https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.2

• Follow us on Twitter^[18]
• Subscribe to an RSS Feed^[19]

File Tags

• ActiveX^[20] (932)
• Advisory^[21] (77,995)
• Arbitrary^[22] (15,206)
• BBS^[23] (2,859)
• Bypass^[24] (1,577)
• CGI^[25] (1,013)
• Code Execution^[26] (6,724)
• Conference^[27] (671)
• Cracker^[28] (797)
• CSRF^[29] (3,274)
• DoS^[30] (21,958)
• Encryption^[31] (2,335)
• Exploit^[32] (50,004)
• File Inclusion^[33] (4,152)
• File Upload^[34] (945)
• Firewall^[35] (821)
• Info Disclosure^[36] (2,561)
• Intrusion Detection^[37] (858)
• Java^[38] (2,821)
• JavaScript^[39] (802)
• Kernel^[40] (6,104)
• Local^[41] (14,046)
• Magazine^[42] (586)
• Overflow^[43] (12,238)
• Perl^[44] (1,413)
• PHP^[45] (5,054)
• Proof of Concept^[46] (2,283)
• Protocol^[47] (3,328)
• Python^[48] (1,404)
• Remote^[49] (29,798)
• Root^[50] (3,456)
• Ruby^[51] (578)
• Scanner^[52] (1,630)
• Security Tool^[53] (7,717)
• Shell^[54] (3,069)
• Shellcode^[55] (1,203)
• Sniffer^[56] (882)
• Spoof^[57] (2,103)
• SQL Injection^[58] (16,042)
• TCP^[59] (2,365)
• Trojan^[60] (676)
• UDP^[61] (869)
• Virus^[62] (660)
• Vulnerability^[63] (30,570)
• Web^[64] (9,075)
• Whitepaper^[65] (3,722)
• x86^[66] (943)
• XSS^[67] (17,366)
• Other^[68]

File Archives

• August 2022^[69]
• July 2022^[70]
• June 2022^[71]
• May 2022^[72]
• April 2022^[73]
• March 2022^[74]
• February 2022^[75]
• January 2022^[76]
• December 2021^[77]
• November 2021^[78]
• October 2021^[79]
• September 2021^[80]
• Older^[81]

Systems

• AIX^[82] (426)
• Apple^[83] (1,890)
• BSD^[84] (368)
• CentOS^[85] (55)
• Cisco^[86] (1,913)
• Debian^[87] (5,948)
• Fedora^[88] (1,690)
• FreeBSD^[89] (1,241)
• Gentoo^[90] (4,184)
• HPUX^[91] (878)
• iOS^[92] (319)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (67)
• Linux^[96] (42,651)
• Mac OS X^[97] (683)
• Mandriva^[98] (3,105)
• NetBSD^[99] (255)
• OpenBSD^[100] (478)
• RedHat^[101] (11,852)
• Slackware^[102] (941)
• Solaris^[103] (1,607)
• SUSE^[104] (1,444)
• Ubuntu^[105] (7,942)
• UNIX^[106] (9,100)
• UnixWare^[107] (185)
• Windows^[108] (6,446)
• Other^[109]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/168104/USN-5526-2.txt