USN-5201-1: Python vulnerabilities
17 December 2021
Python could be made to crash if it receives specially crafted input from a malicious server.
Releases
Packages
- python3.8 - An interactive high-level object-oriented language
- python3.9 - Interactive high-level object-oriented language (version 3.9)
Details
It was discovered that the Python urllib http client could enter into an infinite
loop when incorrectly handling certain server responses (100 Continue response).
Specially crafted traffic from a malicious HTTP server could cause a denial of
service (Dos) condition for a client.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04
-
python3.9-minimal
-
3.9.5-3ubuntu0~21.04.1
-
libpython3.9-stdlib
-
3.9.5-3ubuntu0~21.04.1
-
python3.9
-
3.9.5-3ubuntu0~21.04.1
Ubuntu 20.04
-
python3.9-minimal
-
3.9.5-3ubuntu0~20.04.1
-
python3.9
-
3.9.5-3ubuntu0~20.04.1
-
libpython3.8-stdlib
-
3.8.10-0ubuntu1~20.04.2
-
python3.8
-
3.8.10-0ubuntu1~20.04.2
-
python3.8-minimal
-
3.8.10-0ubuntu1~20.04.2
-
libpython3.9-stdlib
-
3.9.5-3ubuntu0~20.04.1
In general, a standard system update will make all the necessary changes.