Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Ubuntu 20.04 & 18.04: USN-5138-1 Moderate: Python-Py Denial of Service

ubuntu
Calendar Grey November 10, 2021
Dist Ubuntu Esm H88
Python-py may experience instability when subjected to specially designed input. Ensure that you apply the necessary updates for Ubuntu 18.04 and 20.04 LTS to address these vulnerabilities.
python-py could be made to crash if provided with specially crafted input.

Summary

python-py could be made to crash if provided with specially crafted input.

Software Description:

- python-py: Advanced Python development support library

Details:

The py.path.svnwc component of py (aka python-py) through v1.9.0

contains a regular expression with an ambiguous subpattern that is

susceptible to catastrophic backtracing. This could be used by attackers

to cause a compute-time denial of service attack by supplying malicious

input to the blame functionality.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   pypy-py                        1.8.1-1ubuntu0.1
   python-py                      1.8.1-1ubuntu0.1
   python3-py                     1.8.1-1ubuntu0.1

Ubuntu 18.04 LTS:
   pypy-py                        1.5.2-1ubuntu0.1
   python-py                      1.5.2-1ubuntu0.1
   python3-py                     1.5.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5138-1

CVE-2020-29651

November 10, 2021

Package Information

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.