230824 [CVE-2023-40217] Bypass TLS handshake on closed sockets¶
Vulnerability Details¶
What is the vulnerability?
A SSL Security issue has been raised with this version of Python, here is the errata : Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce - python.org
Is this vulnerability in Peek?
No. This is an upstream software vulnerability from cpython.
How severe is it?
It is high as per Python mail list: Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce - python.org
The exact score is pending. NVD - CVE-2023-40217
What can we do to fix it?
We can patch python code. For Python 3.9, use this patch: Check for & avoid the ssl pre-close flaw
Patch Instructions¶
Download the Patch File Here
Use scp to transfer the file to your server.
scp 0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch peek@[hostname]:/home/peek
SSH to the Peek Server as the Peek User.
ssh peek@[hostname]
Change to the Python3.9 Directory.
cd /home/peek/opt/lib/python3.9
Run:
python -m patch_ng --debug /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch
Note
INFO successfully patched 1/1: b'ssl.py' Will be printed to
the terminal if the patch was successful.
Restart Peek:
restart_peek.sh
Remove the patch file:
rm /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch