<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body> <p> </p> <div class="moz-text-plain" wrap="true" style="font-family: -moz-fixed; font-size: 12px;" lang="x-unicode"> <pre class="moz-quote-pre" wrap="">========================================================================== Ubuntu Security Notice USN-6153-1 June 12, 2023 jupyter-core vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Jupyter Core could be made to run programs as your login if it opened a specially crafted file. Software Description: - jupyter-core: Core common functionality of Jupyter projects (tools) Details: It was discovered that Jupyter Core executed untrusted files in the current working directory. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: python3-jupyter-core 4.11.1-1ubuntu0.22.10.1 Ubuntu 22.04 LTS (Available with Ubuntu Pro): python3-jupyter-core 4.9.1-1ubuntu0.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): python3-jupyter-core 4.6.3-3ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): python-jupyter-core 4.4.0-2ubuntu0.1~esm1 python3-jupyter-core 4.4.0-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: <a class="moz-txt-link-freetext" href="https://ubuntu.com/security/notices/USN-6153-1">https://ubuntu.com/security/notices/USN-6153-1</a> CVE-2022-39286 Package Information: <a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/jupyter-core/4.11.1-1ubuntu0.22.10.1">https://launchpad.net/ubuntu/+source/jupyter-core/4.11.1-1ubuntu0.22.10.1</a> </pre> </div> </body> </html>