Alerts This Week
Warning Icon 1 1,039
Alerts This Week
Warning Icon 1 1,039

Ubuntu 19.10: USN-4333-1 Critical: Python DoS and Injection

ubuntu
Calendar Grey April 21, 2020
Dist Ubuntu Esm H88
Numerous vulnerabilities within Python have been addressed. Make sure to refresh your installations to protect against possible risks.
Several security issues were fixed in Python.

Summary

Several security issues were fixed in Python.

Software Description:

- python3.7: An interactive high-level object-oriented language

- python2.7: An interactive high-level object-oriented language

- python3.6: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

- python3.4: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly stripped certain characters from

requests. A remote attacker could use this issue to perform CRLF injection.

(CVE-2019-18348)

It was discovered that Python incorrectly handled certain HTTP requests.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2020-8492)

Topics%20covered

Topics Covered

security advisory denial of service remote attack ubuntu python

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  python3.7                       3.7.5-2~19.10ubuntu1
  python3.7-minimal               3.7.5-2~19.10ubuntu1

Ubuntu 18.04 LTS:
  python2.7                       2.7.17-1~18.04ubuntu1
  python2.7-minimal               2.7.17-1~18.04ubuntu1
  python3.6                       3.6.9-1~18.04ubuntu1
  python3.6-minimal               3.6.9-1~18.04ubuntu1

Ubuntu 16.04 LTS:
  python2.7                       2.7.12-1ubuntu0~16.04.11
  python2.7-minimal               2.7.12-1ubuntu0~16.04.11
  python3.5                       3.5.2-2ubuntu0~16.04.10
  python3.5-minimal               3.5.2-2ubuntu0~16.04.10

Ubuntu 14.04 ESM:
  python2.7                       2.7.6-8ubuntu0.6+esm5
  python2.7-minimal               2.7.6-8ubuntu0.6+esm5
  python3.4                       3.4.3-1ubuntu1~14.04.7+esm6
  python3.4-minimal               3.4.3-1ubuntu1~14.04.7+esm6

Ubuntu 12.04 ESM:
  python2.7                       2.7.3-0ubuntu3.17
  python2.7-minimal               2.7.3-0ubuntu3.17

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4333-1

CVE-2019-18348, CVE-2020-8492

Severity
critical
Lowest
Low
Medium
High
Critical

April 21, 2020

Topics%20covered

Topics Covered

security advisory denial of service remote attack ubuntu python

Package Information

https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2~19.10ubuntu1
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1
https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.11
https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here