Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Ubuntu 20.04 LTS: USN-4754-3 Critical: Python Denial Of Service

ubuntu
Calendar Grey March 12, 2021
Dist Ubuntu Esm H88
To enhance security in Python on Ubuntu 18.04 and 20.04, it's essential to implement the latest updates and patches for optimal protection and stability
Several security issues were fixed in Python 2.7 and Python 3.8.

Summary

Several security issues were fixed in Python 2.7 and Python 3.8.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.7: An interactive high-level object-oriented language

- python3.8: An interactive high-level object-oriented language

Details:

USN-4754-1 fixed vulnerabilities in Python. This update provides

the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.

In the case of Python 2.7 for 20.04 ESM, these additional fixes are included:

It was dicovered that Python allowed remote attackers to cause a denial of

service (resource consumption) via a ZIP bomb. (CVE-2019-9674)

It was discovered that Python had potentially misleading information about

whether sorting occurs. This fix updates the documentation about it.

(CVE-2019-17514)

It was discovered that Python incorrectly handled certain TAR archives.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2019-20907)

It was discovered that Pytho...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  python2.7                       2.7.18-1~20.04.1
  python2.7-minimal               2.7.18-1~20.04.1

Ubuntu 18.04 LTS:
  python3.7                       3.7.5-2~18.04.4
  python3.7-minimal               3.7.5-2~18.04.4
  python3.8                       3.8.0-3~18.04.1
  python3.8-minimal               3.8.0-3~18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4754-1

CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116,

CVE-2020-27619, CVE-2020-8492, CVE-2021-3177

Severity
critical
Lowest
Low
Medium
High
Critical

March 12, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.