
Ubuntu: 4428-1 Critical: Python Denial Of Service Threats

ubuntu
July 22, 2020
Several vulnerabilities in Python have been resolved in Ubuntu 20.04 LTS and prior editions. It is advisable to apply the updates to enhance security.

Summary

Several security issues were fixed in Python.

Software Description:

- python3.8: Interactive high-level object-oriented language (version 3.8)

- python2.7: An interactive high-level object-oriented language

- python3.6: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

- python3.4: An interactive high-level object-oriented language

Details:

It was discovered that the Python documentation contained misleading information. Wrong assumptions based on this information could possibly cause a security issue. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514)

It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907)

It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only ...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  python3.8                       3.8.2-1ubuntu1.2
  python3.8-minimal               3.8.2-1ubuntu1.2

Ubuntu 18.04 LTS:
  python2.7                       2.7.17-1~18.04ubuntu1.1
  python2.7-minimal               2.7.17-1~18.04ubuntu1.1
  python3.6                       3.6.9-1~18.04ubuntu1.1
  python3.6-minimal               3.6.9-1~18.04ubuntu1.1

Ubuntu 16.04 LTS:
  python2.7                       2.7.12-1ubuntu0~16.04.12
  python2.7-minimal               2.7.12-1ubuntu0~16.04.12
  python3.5                       3.5.2-2ubuntu0~16.04.11
  python3.5-minimal               3.5.2-2ubuntu0~16.04.11

Ubuntu 14.04 ESM:
  python2.7                       2.7.6-8ubuntu0.6+esm6
  python2.7-minimal               2.7.6-8ubuntu0.6+esm6
  python3.4                       3.4.3-1ubuntu1~14.04.7+esm7
  python3.4-minimal               3.4.3-1ubuntu1~14.04.7+esm7

Ubuntu 12.04 ESM:
  python2.7                       2.7.3-0ubuntu3.18
  python2.7-minimal               2.7.3-0ubuntu3.18

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4428-1

CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-14422

Severity
critical
