
Ubuntu 18.04 LTS: USN-4581-1 Critical: Python CRLF Injection

October 14, 2020
Ubuntu Security Bulletin USN-4581-1 covers a CRLF injection vulnerability in Python that affects several Ubuntu releases. Updated package versions are listed below.

Summary

Python could be used to perform a CRLF injection if it received a specially crafted request.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.6: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

- python3.4: An interactive high-level object-oriented language

Details:

It was discovered that Python incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform
CRLF injection.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  python2.7                       2.7.17-1~18.04ubuntu1.2
  python2.7-minimal               2.7.17-1~18.04ubuntu1.2
  python3.6                       3.6.9-1~18.04ubuntu1.3
  python3.6-minimal               3.6.9-1~18.04ubuntu1.3

Ubuntu 16.04 LTS:
  python2.7                       2.7.12-1ubuntu0~16.04.13
  python2.7-minimal               2.7.12-1ubuntu0~16.04.13
  python3.5                       3.5.2-2ubuntu0~16.04.12
  python3.5-minimal               3.5.2-2ubuntu0~16.04.12

Ubuntu 14.04 ESM:
  python2.7                       2.7.6-8ubuntu0.6+esm7
  python2.7-minimal               2.7.6-8ubuntu0.6+esm7
  python3.4                       3.4.3-1ubuntu1~14.04.7+esm8
  python3.4-minimal               3.4.3-1ubuntu1~14.04.7+esm8

Ubuntu 12.04 ESM:
  python2.7                       2.7.3-0ubuntu3.19
  python2.7-minimal               2.7.3-0ubuntu3.19

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4581-1

CVE-2020-26116

Severity
critical