-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4276
                 USN-5585-1: Jupyter Notebook vulnerabilities
                               31 August 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Jupyter Notebook
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29238 CVE-2022-24758 CVE-2020-26215 CVE-2019-10856
                   CVE-2019-10255 CVE-2019-9644 CVE-2018-21030 CVE-2018-19351

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5585-1

Comment: CVSS (Max):  7.5* CVE-2022-24758 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
         CVSS Source: NVD
         Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5585-1: Jupyter Notebook vulnerabilities
30 August 2022

Several security issues were fixed in Jupyter Notebook.

Releases

  o Ubuntu 22.04 LTS
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o jupyter-notebook - Jupyter interactive notebook

Details

It was discovered that Jupyter Notebook incorrectly handled certain notebooks.
An attacker could possibly use this issue, a missing Content Security Policy in
Nbconvert, to perform cross-site scripting (XSS) attacks on the notebook server.
This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351)

It was discovered that Jupyter Notebook incorrectly handled certain SVG
documents. An attacker could possibly use this issue to perform cross-site
scripting (XSS) attacks. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-21030)

It was discovered that Jupyter Notebook incorrectly filtered certain URLs on
the login page. An attacker could possibly use this issue to perform an
open-redirect attack. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-10255)

It was discovered that Jupyter Notebook had an incomplete fix for
CVE-2019-10255. An attacker could possibly use this issue to perform an
open-redirect attack using an empty netloc. (CVE-2019-10856)

It was discovered that Jupyter Notebook incorrectly handled the inclusion of
remote pages on the Jupyter server. An attacker could possibly use this issue
to perform cross-site script inclusion (XSSI) attacks. This issue only
affected Ubuntu 18.04 LTS. (CVE-2019-9644)

It was discovered that Jupyter Notebook incorrectly filtered certain URLs to a
notebook. An attacker could possibly use this issue to perform an
open-redirect attack. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2020-26215)

It was discovered that Jupyter Notebook server access logs were not protected.
An attacker with access to the notebook server could possibly use this issue
to steal sensitive information such as auth/cookies. (CVE-2022-24758)

It was discovered that Jupyter Notebook incorrectly configured hidden files on
the server. An authenticated attacker could possibly use this issue to view
sensitive hidden files on the server, which may result in full access to the
server. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29238)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 22.04

  o python3-notebook - 6.4.8-1ubuntu0.1
  o jupyter-notebook - 6.4.8-1ubuntu0.1

Ubuntu 20.04

  o python3-notebook - 6.0.3-2ubuntu0.1
  o jupyter-notebook - 6.0.3-2ubuntu0.1

Ubuntu 18.04

  o python3-notebook - 5.2.2-1ubuntu0.1
  o python-notebook - 5.2.2-1ubuntu0.1
  o jupyter-notebook - 5.2.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.
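The three open-redirect entries above (CVE-2019-10255, CVE-2019-10856 and CVE-2020-26215) all come down to the same check: a "next" or notebook URL supplied by the client must only ever lead back into the same server. The following Python is an added example, not Jupyter Notebook's own code, showing an allow-list version of that check. It deals explicitly with the empty-netloc case mentioned for CVE-2019-10856: urllib.parse reports no host for inputs such as "///host" or "/\host", yet a browser treats both as pointing at another host, so the check works on the raw string rather than trusting the parsed netloc. The function name, the fallback parameter and the sample inputs (host names under .example) are this example's own.

```python
"""Allow-list check for a client-supplied redirect target.

Added example, not Jupyter Notebook's own code: accepts only same-server
paths and handles the empty-netloc case that urllib.parse would miss.
"""
from urllib.parse import urlparse


def safe_local_redirect(next_url, fallback="/"):
    """Return next_url if it can only lead back into this server, else fallback.

    Everything not explicitly allowed is rejected:
      * empty or non-string input
      * control characters (CR/LF in a Location header is header injection)
      * backslashes (browsers normalise '\\' to '/', so '/\\host' is '//host')
      * anything that does not start with exactly one '/': '//host' and
        '///host' are scheme-relative in a browser even though urlparse
        reports netloc == '' for the latter
      * any scheme or netloc reported by urlparse (belt and braces)
    """
    if not isinstance(next_url, str) or not next_url:
        return fallback
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url):
        return fallback
    if "\\" in next_url:
        return fallback
    if not next_url.startswith("/") or next_url.startswith("//"):
        return fallback
    parsed = urlparse(next_url)
    if parsed.scheme or parsed.netloc:
        return fallback
    return next_url


# Constructed sample inputs: (candidate, should it be accepted?)
SAMPLES = [
    ("/tree", True),
    ("/notebooks/Untitled.ipynb?kernel=python3", True),
    ("tree", False),                    # relative path: ambiguous, reject
    ("//other.example/", False),        # scheme-relative URL
    ("///other.example/", False),       # urlparse netloc == '', still remote
    ("/\\other.example/", False),       # backslash: browser reads as '//'
    ("https://other.example/", False),  # absolute URL
    ("/tree\r\n", False),               # control characters
    ("", False),
]


def check_samples():
    """True if every sample is accepted or rejected as expected."""
    return all(safe_local_redirect(url) == (url if ok else "/")
               for url, ok in SAMPLES)


if __name__ == "__main__":
    for url, expected in SAMPLES:
        result = safe_local_redirect(url)
        mark = "ok " if (result == url) == expected else "BAD"
        print(f"{mark} {url!r} -> {result!r}")
```

The check is deliberately an allow-list: a relative path without a leading slash is rejected as well, because its meaning depends on the page that issued the redirect, and the parsed-netloc test is kept only as a second line of defence behind the raw-string rules.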
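The hidden-files entry above (CVE-2022-29238) concerns the admission check a file-serving handler applies before it reads or lists a path under the served root. The following Python is an added example, not Jupyter Notebook's own code: it rejects dotfiles and dot-directories unless hidden files are explicitly enabled, and it resolves symlinks and ".." first so that a request cannot reach a hidden file, or anything outside the root, through an indirect name. The function names, the allow_hidden flag and the constructed sample tree are this example's own.

```python
"""Path-admission check for a notebook-style file server.

Added example, not Jupyter Notebook's own code: hidden paths are denied by
default, and symlinks and '..' are resolved before the decision is made.
"""
import os
import tempfile


def is_hidden(rel_path):
    """True if any component of rel_path is a dotfile or dot-directory.

    '.' and '..' are navigation, not hidden names, so they are ignored here;
    escaping the root via '..' is caught separately by is_allowed_path().
    """
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p]
    return any(p.startswith(".") and p not in (".", "..") for p in parts)


def is_allowed_path(root_dir, requested, allow_hidden=False):
    """Decide whether `requested` (relative to root_dir) may be served."""
    root = os.path.realpath(root_dir)
    # Resolve symlinks and '..' in the full path, then require the result to
    # still sit underneath root. realpath() also works for paths that do not
    # exist yet, so reads, listings and writes get the same check.
    target = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    if os.path.commonpath([root, target]) != root:
        return False
    if allow_hidden:
        return True
    # Check both the name the client used and the name it resolves to, so a
    # visible symlink cannot stand in for a hidden target or vice versa.
    resolved_rel = os.path.relpath(target, root)
    return not (is_hidden(requested) or is_hidden(resolved_rel))


def build_demo_tree():
    """Create a constructed sample tree in a temp dir; returns (root, symlinks_ok)."""
    base = tempfile.mkdtemp(prefix="nb-hidden-demo-")
    root = os.path.join(base, "root")
    os.makedirs(os.path.join(root, "notebooks"))
    os.makedirs(os.path.join(root, ".ssh"))
    os.makedirs(os.path.join(base, "outside"))
    for rel in ("root/notebooks/a.ipynb", "root/.env", "root/.ssh/config",
                "outside/secret.txt"):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write("constructed sample content\n")
    symlinks_ok = True
    try:
        # A visible link to a hidden file, and a link leaving the root.
        os.symlink(os.path.join(root, ".env"), os.path.join(root, "link_to_env"))
        os.symlink(os.path.join(base, "outside", "secret.txt"),
                   os.path.join(root, "link_out"))
    except (OSError, NotImplementedError):
        symlinks_ok = False
    return root, symlinks_ok


if __name__ == "__main__":
    demo_root, _ = build_demo_tree()
    for req in ("notebooks/a.ipynb", ".env", ".ssh/config", "notebooks/../.env",
                "../outside/secret.txt", "link_to_env", "link_out"):
        verdict = "serve" if is_allowed_path(demo_root, req) else "deny"
        print(f"{req:24} -> {verdict}")
```

Running the block prints "serve" only for notebooks/a.ipynb; every other request is denied either because a component is hidden, because the resolved target is hidden, or because it resolves outside the root.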
References

  o CVE-2022-24758
  o CVE-2019-9644
  o CVE-2022-29238
  o CVE-2018-21030
  o CVE-2020-26215
  o CVE-2019-10856
  o CVE-2019-10255
  o CVE-2018-19351

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who
that is, please send an email to auscert@auscert.org.au and we will forward
your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYw6r4MkNZI30y1K9AQjsyxAAnJRiH9/Fyka6R5QvbQOlW+YIiH58gjIt
RYQ0jx5LcsnoHVwRJCxnRNVloNblH1SQbC3SddsXTXieyuZ5et8xcmqNdyO5NKLs
U1KpUOe4F0TBGM8gn6bzZVAMstRAyZvxgTrnSq3WMO8jDylygqnNUZiz3i/7CscJ
UvKYqemcUSkVkrjRCyH70DgMifxv/pwskE9FjL+vETlAfoCiOcEBlb5LaCTMf5lS
vQe0/UIzJdY2PXiV2Me5/H5zLdZ9NUzWwWIjK9zOR03T3MElPBv7bW4LhjOcbQDY
P4DRBzv7DJwvB//06N5xkIo/XpjkNsGvrEfiWmXECpFvcFZyJbYZrsw/Md5D6W6F
QFyAEnKsxCsDq8H2W3iK94Qdn4YIhX4gf4OamG1p90++xyjIAToWv+ygyT9HmX0B
DDbdpgihzLcEflivjn83ufn0JkJ1G+A7a3awNXg/FNulerW276F9hH7W2Yz1mKrY
yObZqG3i3TAFer33KMeWsis/NTKGEVrxGndEo/Tr65ehXeLpvY0KLqkI7Rf8lu8o
NOjbPLDphero5lPAo5mg+GLld1w/BCpXsXKDHDgm2iurYnIWlPuipzruwHeZ4g5U
GZthE9rLwiTutIF/2LLy4oQh+L8h923UpoiMNNzBJSxbRwUDEtAsePknzQsX+Khn
jU1lI7pK8IY=
=686f
-----END PGP SIGNATURE-----