.. _CVE-2023-40217:

==============================================================
230824 [CVE-2023-40217] Bypass TLS handshake on closed sockets
==============================================================

Vulnerability Details
---------------------

**What is the vulnerability?**

An SSL security issue has been raised against this version of Python. The announcement is here:
`Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets -
Security-announce - python.org `_

**Is this vulnerability in Peek?**

No. This is an upstream software vulnerability in CPython.

**How severe is it?**

It is rated high, per the Python mailing list: `Mailman 3
[CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce -
python.org `_

The exact score is pending.
`NVD - CVE-2023-40217 `_

**What can we do to fix it?**

We can patch the Python code.

For Python 3.9, use this patch: `Check for & avoid the ssl pre-close flaw `_

Patch Instructions
------------------

Download the patch file :download:`here <0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch>`.

----

Use scp to transfer the file to your server. ::

    scp 0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch peek@[hostname]:/home/peek

----

SSH to the Peek server as the Peek user. ::

    ssh peek@[hostname]

----

Change to the Python 3.9 directory. ::

    cd /home/peek/opt/lib/python3.9

----

Run: ::

    python -m patch_ng --debug /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch

.. note:: :code:`INFO successfully patched 1/1: b'ssl.py'` will be printed to
    the terminal if the patch was successful.

----

Restart Peek: ::

    restart_peek.sh

----

Remove the patch file: ::

    rm /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch
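
An added check, not part of the original procedure or of Peek's own tooling: run before the patch file is removed, it confirms that every hunk of the patch is actually present in the patched ``ssl.py``, independently of the ``patch_ng`` log line. It assumes the patch touches a single file (as the ``1/1`` in the note indicates); the script name ``verify_patch.py``, the function names and the embedded sample are constructed for illustration.

```python
import re
import sys
from pathlib import Path

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def post_images(patch_text):
    """Per hunk, the lines (context + added) the patched file must contain."""
    images, lines, i = [], patch_text.splitlines(), 0
    while i < len(lines):
        m = HUNK_RE.match(lines[i])
        i += 1
        if not m:
            continue
        # Header counts bound the hunk, so git's trailing "-- " is not a removal.
        old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        image = []
        while i < len(lines) and (old_left > 0 or new_left > 0):
            tag, body = lines[i][:1], lines[i][1:]
            if tag != "\\":  # skip "\ No newline at end of file"
                if tag != "-":
                    image.append(body)  # context or added line
                    new_left -= 1
                if tag != "+":
                    old_left -= 1
            i += 1
        images.append(image)
    return images

def hunks_applied(patch_text, target_text):
    """One bool per hunk: does its post-image occur contiguously in target?"""
    target = target_text.splitlines()
    return [any(target[k:k + len(img)] == img
                for k in range(len(target) - len(img) + 1))
            for img in post_images(patch_text)]

# Constructed sample (NOT the real CVE-2023-40217 patch content).
SAMPLE_PATCH = ("--- a/ssl.py\n+++ b/ssl.py\n@@ -1,3 +1,4 @@\n def wrap(sock):\n"
                "+    check_not_closed(sock)\n     start_handshake(sock)\n"
                "     return sock\n-- \n2.40.0\n")
SAMPLE_AFTER = ("def wrap(sock):\n    check_not_closed(sock)\n"
                "    start_handshake(sock)\n    return sock\n")

if __name__ == "__main__":  # usage: verify_patch.py <patch file> <patched ssl.py>
    args = sys.argv[1:3]
    patch, target = ([Path(a).read_text(encoding="utf-8") for a in args]
                     if len(args) == 2 else (SAMPLE_PATCH, SAMPLE_AFTER))
    results = hunks_applied(patch, target)
    sys.exit(0 if results and all(results) else f"hunks not applied: {results}")
```

The script exits with status 0 only when at least one hunk was found and all hunks match; a non-zero exit means the patch file should be kept and the patch step repeated.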