1. Ubuntu Security Notices
  2. USN-7355-1

USN-7355-1: RestrictedPython vulnerabilities

Publication date

18 March 2025

Overview

Several security issues were fixed in RestrictedPython.

Releases

Packages

Details

Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not
properly sanitize certain inputs. An attacker could possibly use this
issue to execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271)

Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that
RestrictedPython did not correctly handle certain format strings. An
attacker could possibly use this issue to leak sensitive information.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-41039)

It was discovered that RestrictedPython did not correctly restrict access
to certain fields. An attacker could possibly use this issue to leak
sensitive information. (CVE-2024-47532)

It was discovered that RestrictedPython contained a type confusion
vulnerability. An...

Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not
properly sanitize certain inputs. An attacker could possibly use this
issue to execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271)

Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that
RestrictedPython did not correctly handle certain format strings. An
attacker could possibly use this issue to leak sensitive information.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-41039)

It was discovered that RestrictedPython did not correctly restrict access
to certain fields. An attacker could possibly use this issue to leak
sensitive information. (CVE-2024-47532)

It was discovered that RestrictedPython contained a type confusion
vulnerability. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2025-22153)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.10 oracular python3-restrictedpython –  6.2-1ubuntu0.24.10.1
24.04 noble python3-restrictedpython –  6.2-1ubuntu0.24.04.1~esm1  
22.04 jammy python3-restrictedpython –  4.0~b3-3ubuntu0.1~esm1  
20.04 focal python3-restrictedpython –  4.0~b3-2ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›