Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 20.10 USN-4668-3 Moderate: python-apt Resource Regression

ubuntu
Calendar Grey January 4, 2021
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4670-4 resolves a significant regression in python-apt that impacts various versions and outlines the required updates.
USN-4668-1 introduced a regression in python-apt.

Summary

USN-4668-1 introduced a regression in python-apt.

Software Description:

- python-apt: Python interface to libapt-pkg

Details:

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a

regression when using certain APIs with a file handle. This update fixes

the problem.

We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered that python-apt incorrectly handled resources. A

local attacker could possibly use this issue to cause python-apt to consume

resources, leading to a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  python3-apt                     2.1.3ubuntu1.3

Ubuntu 20.04 LTS:
  python-apt                      2.0.0ubuntu0.20.04.3
  python3-apt                     2.0.0ubuntu0.20.04.3

Ubuntu 18.04 LTS:
  python-apt                      1.6.5ubuntu0.5
  python3-apt                     1.6.5ubuntu0.5

Ubuntu 16.04 LTS:
  python-apt                      1.1.0~beta1ubuntu0.16.04.11
  python3-apt                     1.1.0~beta1ubuntu0.16.04.11

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4668-3

https://ubuntu.com/security/notices/USN-4668-1

https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1907676

January 04, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.