230824 [CVE-2023-40217] Bypass TLS handshake on closed sockets

Vulnerability Details

What is the vulnerability?

An SSL security issue has been reported for the version of Python bundled with this release. The upstream announcement is: Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce - python.org

Is this vulnerability in Peek?

No. This is an upstream vulnerability in CPython itself, not in Peek code.

How severe is it?

It is rated high on the Python security-announce list: Mailman 3 [CVE-2023-40217] Bypass TLS handshake on closed sockets - Security-announce - python.org

The exact CVSS score is pending: NVD - CVE-2023-40217

What can we do to fix it?

The bundled Python can be patched in place. For Python 3.9, apply the upstream patch: Check for & avoid the ssl pre-close flaw

Patch Instructions

Download the Patch File Here

Use scp to transfer the patch file to your server:

scp 0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch peek@[hostname]:/home/peek

SSH to the Peek server as the Peek user:

ssh peek@[hostname]

Change to the Python 3.9 library directory:

cd /home/peek/opt/lib/python3.9

Apply the patch with patch_ng:

python -m patch_ng --debug /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch

Note

If the patch applied successfully, the following line is printed to the terminal:

INFO successfully patched 1/1:  b'ssl.py'

Restart Peek:

restart_peek.sh

Remove the patch file:

rm /home/peek/0001-3.9-gh-108310-Fix-CVE-2023-40217-Check-for-avoid-the.patch
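To confirm the patch landed in the ssl module that Peek's interpreter actually imports, the following verification script is an added example and is not part of the Peek documentation or the upstream patch. It assumes the upstream fix inserts the string "before TLS handshake with data in recv buffer" into ssl.py and that the directory layout matches the steps above.

```shell
#!/bin/sh
# Post-patch verification for the CVE-2023-40217 fix in Peek's bundled Python 3.9.
# Added example, not part of the Peek documentation or the upstream patch.
# Assumptions: the upstream fix adds the marker string below to ssl.py, and the
# default ssl.py path follows the Peek layout used in the patch instructions.

SSL_PY_DEFAULT=/home/peek/opt/lib/python3.9/ssl.py
FIX_MARKER='before TLS handshake with data in recv buffer'

# Returns 0 when the given ssl.py contains the fix marker, 1 when it does not,
# and 2 when the file cannot be read.
ssl_py_is_patched() {
    f="${1:-$SSL_PY_DEFAULT}"
    [ -r "$f" ] || return 2
    grep -q "$FIX_MARKER" "$f"
}

# Returns 0 when the ssl module loaded by the given interpreter is patched.
# Asking the interpreter for ssl.__file__ catches the case where the patch
# was applied to a copy of ssl.py that Peek's python never imports.
interpreter_is_patched() {
    py="${1:-python}"
    ssl_path="$("$py" -c 'import ssl; print(ssl.__file__)')" || return 1
    ssl_py_is_patched "$ssl_path"
}

# When run directly: check the interpreter given as $1 (default: python).
if [ "${0##*/}" = "check_cve_2023_40217.sh" ]; then
    if interpreter_is_patched "${1:-python}"; then
        echo "ssl.py carries the CVE-2023-40217 pre-handshake data check"
    else
        echo "ssl.py does NOT carry the CVE-2023-40217 fix" >&2
        exit 1
    fi
fi
```

Run it as the peek user after restart_peek.sh, passing the path of Peek's python binary if it is not first on PATH.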