USN-4581-1: Python vulnerability
14 October 2020
Python could be used to perform a CRLF injection if it received a specially crafted request.
Releases
Packages
- python2.7 - An interactive high-level object-oriented language
- python3.4 - An interactive high-level object-oriented language
- python3.5 - An interactive high-level object-oriented language
- python3.6 - An interactive high-level object-oriented language
Details
It was discovered that Python incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform
CRLF injection.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
python2.7
-
2.7.17-1~18.04ubuntu1.2
-
python2.7-minimal
-
2.7.17-1~18.04ubuntu1.2
-
python3.6
-
3.6.9-1~18.04ubuntu1.3
-
python3.6-minimal
-
3.6.9-1~18.04ubuntu1.3
Ubuntu 16.04
-
python2.7
-
2.7.12-1ubuntu0~16.04.13
-
python2.7-minimal
-
2.7.12-1ubuntu0~16.04.13
-
python3.5
-
3.5.2-2ubuntu0~16.04.12
-
python3.5-minimal
-
3.5.2-2ubuntu0~16.04.12
Ubuntu 14.04
-
python2.7
-
2.7.6-8ubuntu0.6+esm7
-
python2.7-minimal
-
2.7.6-8ubuntu0.6+esm7
-
python3.4
-
3.4.3-1ubuntu1~14.04.7+esm8
-
python3.4-minimal
-
3.4.3-1ubuntu1~14.04.7+esm8
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.