CVE-2017-11424 Ubuntu Security Notification for Pyjwt Vulnerability (USN-3407-1)

It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys.

A remote attacker could take advantage of a key confusion to craft JWTs from scratch.

Refer to Ubuntu advisory USN-3407-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3407-1: 16.04 (Xenial) on src (python-jwt)

USN-3407-1: 16.04 (Xenial) on src (python3-jwt)

USN-3407-1: 17.04 (zesty) on src (python-jwt)

USN-3407-1: 17.04 (zesty) on src (python3-jwt)