==========================================================================
Ubuntu Security Notice USN-4204-1
November 28, 2019
python-psutil vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
psutil could be made to crash or run programs.
Software Description:
– python-psutil: module providing convenience functions for managing processes
Details:
Riccardo Schirone discovered that psutil incorrectly handled certain
reference counting operations. An attacker could use this issue to cause
psutil to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
python-psutil 5.5.1-1ubuntu0.19.10.1
python3-psutil 5.5.1-1ubuntu0.19.10.1
Ubuntu 19.04:
python-psutil 5.5.1-1ubuntu0.19.04.1
python3-psutil 5.5.1-1ubuntu0.19.04.1
Ubuntu 18.04 LTS:
python-psutil 5.4.2-1ubuntu0.1
python3-psutil 5.4.2-1ubuntu0.1
Ubuntu 16.04 LTS:
python-psutil 3.4.2-1ubuntu0.1
python3-psutil 3.4.2-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4204-1
CVE-2019-18874
Package Information:
https://launchpad.net/ubuntu/+source/python-psutil/5.5.1-1ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/python-psutil/5.5.1-1ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/python-psutil/5.4.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-psutil/3.4.2-1ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3f12gACgkQZWnYVadE
vpOVLg//YRzafaNKuVQACIN+jR8oR0vCbPtWON1Ok/re0D1f94LZFLF4+kfvilLI
Kak7dnTlVHI7XPs0pyPBeBFsXgKza1MyHYLP8hncSCfBbo5HUkeIJPGyYSSVSYH2
FTRLCsyie85XhEHLh+VvhyafDlN3i9tjMxsLiMVzMqhqAB7D+MSy96uraxtjE9vt
oJ3z0+UpI8mzpF1nojBobbSRHRgLXOpjjkTHIipoUtsS4z5G/MmpibCW01+BosFu
k/UI9VAn67xnmseGzSuTXlrVkFucDwcffTvu9uH4HJiuabI98tMYHQdUUaduqJ6T
HTxGnR49z6lhEiyFhBO4lVSgaU9HFdmcQPoFuz8hXFppNDHvupTLDUi3FE26rPKY
1ujqpmxqmsfCF508DEj86y7jDksJf4i49oXmmpMKfAiqaj1hduLan5cuLfy/tg+x
SP+SafRt8AVbdcDhBDTwr8oUTbK0UeH86jJUM08aRY8HZy/53cS48eDqoGlDgroD
ygwRTawej2fpArVZVVB8oudcJngjwRb9Yk/8zm9gkOgp8doVHI2ydL0lEcbWrDGY
p92fxwS4TwbRSUde58u8qCrB9PzcvNl36k74l1fCfS2okULyrktub2fSOB+WTjIy
uxVlkpdoSM868qYT42Gz5PjVy8DzvaIg2WRI76Vrb09EJAUh67A=
=gQbu
—–END PGP SIGNATURE—–
—