UbuntuUpdates.org

Package "jupyter-notebook"

Name: jupyter-notebook

Description:

Jupyter interactive notebook

Latest version: 6.0.3-2ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://github.com/jupyter/notebook

Other versions of "jupyter-notebook" in Focal

Repository  Area      Version
base        universe  6.0.3-2
updates     universe  6.0.3-2ubuntu0.1

Changelog

Version: 6.0.3-2ubuntu0.1 2022-08-30 12:06:25 UTC

  jupyter-notebook (6.0.3-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Crafted link to login page redirects to malicious site
    (LP: #1982670)
    - debian/patches/CVE-2019-10856.patch: Handle empty netloc being
      interpreted as first path part being the netloc by buggy browsers.
    - CVE-2019-10856
  * SECURITY UPDATE: Crafted link to login page redirects to spoofed server
    (LP: #1982670)
    - debian/patches/CVE-2020-26215.patch: Validate redirect target in
      TrailingSlashHandler.
    - CVE-2020-26215
  * SECURITY UPDATE: Sensitive information disclosure leading to unauthorized
    access (LP: #1982670)
    - debian/patches/CVE-2022-24758.patch: Log only a non-sensitive subset of
      the headers when a HTTP 5xx error other than HTTP 502 is triggered.
    - CVE-2022-24758
  * SECURITY UPDATE: Access to hidden files or to files in hidden directories
    (LP: #1982670)
    - debian/patches/CVE-2022-29238-1.patch: Add checks for hidden file or path on
      file get.
    - debian/patches/CVE-2022-29238-2.patch: added hidden checks on
      FileContentsManager and accompanying tests.
    - debian/patches/CVE-2022-29238-3.patch: Added hidden checks on
      notebook/services/contents/handlers.py and accompanying tests.
    - debian/patches/CVE-2022-29238-4.patch: Update log message to mention
      hidden directories.
    - debian/patches/CVE-2022-29238-5.patch: Update error messages to not
      mention hidden files.
    - CVE-2022-29238

 -- Luís Infante da Câmara <email address hidden> Sun, 28 Aug 2022 23:08:58 +0100

1982670 Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic
CVE-2019-10856 In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
CVE-2020-26215 Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser
CVE-2022-24758 The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive
CVE-2022-29238 Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook serve


