Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Mageia 8: 2021-0386 Moderate: Python3 IP Address Handling Fix

mageia
Calendar Grey July 27, 2021
Dist Mageia Esm H88
Upgrade to python3 version 3.8.11 resolves vulnerabilities linked to IP address management issues. Also, ensure that pip and setuptools are upgraded accordingly.
Update python3 to 3.8.11 to fix several security issues

Summary

Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included.
Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time.
Also, we fix the following issue:
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses (CVE-2021-29921).

References

- https://bugs.mageia.org/show_bug.cgi?id=29288

- https://docs.python.org/release/3.8.11/whatsnew/changelog.html#changelog

- https://docs.python.org/release/3.8.10/whatsnew/changelog.html#changelog

- https://ubuntu.com/security/notices/USN-4973-1

- https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

- https://www.cve.org/CVERecord?id=CVE-2021-29921

Resolution

SRPMS

- 8/core/python-pip-21.1.3-1.mga8

- 8/core/python-setuptools-56.2.0-1.mga8

- 8/core/python3-3.8.11-1.1.mga8

Publication date: 27 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0386.html
Type: security
CVE: CVE-2021-29921

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.