{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: Improper validation of bracketed hosts in urllib\n - debian/patches/CVE-2024-11168.patch: add checks to ensure that bracketed\n hosts found by urlsplit are of IPv6 or IPvFuture format\n - CVE-2024-11168\n * SECURITY UPDATE: Incomplete validation of bracketed hosts in urllib\n - debian/patches/CVE-2025-0938.patch: disallow square brackets\n (`[` and `]`) in domain names for parsed URLs\n - CVE-2025-0938\n * SECURITY UPDATE: Incorrent information about whether certain IPv4 and IPv6\n addresses were designated as “globally reachable” or “private” in\n ipaddress module\n - debian/patches/CVE-2024-4032.patch: fix \"private\" (non-global) IP\n address ranges\n - CVE-2024-4032", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1742379028.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1742379028", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1742379028" } ], "tracking": { "current_release_date": "2025-05-19T15:19:31Z", "generator": { "date": "2025-05-19T15:19:31Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1742379028", "initial_release_date": "2025-03-19T10:10:30Z", "revision_history": [ { "date": "2025-03-19T10:10:30Z", "number": "1", "summary": "Initial version" }, { "date": "2025-05-19T15:19:31Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Fix CVE(s): CVE-2024-11168, CVE-2024-4032, CVE-2025-0938" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libpython3.5@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } }, { "category": "product_version", "name": "python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/python3.5-venv@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } }, { "category": "product_version", "name": "python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/python3.5@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } }, { "category": "product_version", "name": "python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/python3.5-minimal@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } }, { "category": "product_version", "name": "libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libpython3.5-dev@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } }, { "category": "product_version", "name": "libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product": { "name": "libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_id": "libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libpython3.5-minimal@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product": { "name": "libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_id": "libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libpython3.5-testsuite@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=all" } } }, { "category": "product_version", "name": "python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product": { "name": "python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_id": "python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/python3.5-doc@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=all" } } }, { "category": "product_version", "name": "idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product": { "name": "idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_id": "idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/idle-python3.5@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=all" } } }, { "category": "product_version", "name": "python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product": { "name": "python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_id": "python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/python3.5-examples@3.5.2-2ubuntu0~16.04.13%2Btuxcare.els19?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all" }, "product_reference": "libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all" }, "product_reference": "python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all" }, "product_reference": "idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all" }, "product_reference": "python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" }, "product_reference": "libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-4032", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "notes": [ { "category": "description", "text": "The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-4032" } ], "release_date": "2024-06-17T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-11168", "cwe": { "id": "CWE-1287", "name": "Improper Validation of Specified Type of Input" }, "notes": [ { "category": "description", "text": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-11168" } ], "release_date": "2024-11-12T21:22:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-0938", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-0938" } ], "release_date": "2025-01-31T17:51:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Ubuntu-16:libpython3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-testsuite-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-doc-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-venv-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:idle-python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-examples-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.all", "Ubuntu-16:python3.5-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:python3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-dev-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64", "Ubuntu-16:libpython3.5-minimal-1:3.5.2-2ubuntu0~16.04.13+tuxcare.els19.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] } ] }