USN-5201-1: Python vulnerabilities

17 December 2021

Python could be made to crash if it receives specially crafted input from a malicious server.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • python3.8 - An interactive high-level object-oriented language
  • python3.9 - Interactive high-level object-oriented language (version 3.9)

Details

It was discovered that the Python urllib http client could enter into an infinite
loop when incorrectly handling certain server responses (100 Continue response).
Specially crafted traffic from a malicious HTTP server could cause a denial of
service (Dos) condition for a client.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04

In general, a standard system update will make all the necessary changes.

References