vulnerability

Ubuntu: USN-6891-1 (CVE-2023-6507): Python vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:M/C:N/I:C/A:N)	12/08/2023	07/12/2024	01/30/2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:N/I:C/A:N)

Published

12/08/2023

Added

07/12/2024

Modified

01/30/2025

Description

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.

When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.

This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

Solution(s)

ubuntu-upgrade-python3-11ubuntu-upgrade-python3-11-minimalubuntu-upgrade-python3-12ubuntu-upgrade-python3-12-minimal

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today