
Ubuntu 18.04 LTS: USN-5199-1 Critical Python Denial Of Service

December 17, 2021
Upgrade your Ubuntu 18.04 LTS system to address security issues associated with Python that could lead to Denial of Service (DoS) via specially formed inputs.

Summary

Python could be made to crash if it receives specially crafted input from a malicious server.

Software Description:

- python3.6: An interactive high-level object-oriented language

Details:

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains a regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
     libpython3.6-stdlib     3.6.9-1~18.04ubuntu1.6
     python3.6               3.6.9-1~18.04ubuntu1.6
     python3.6-minimal       3.6.9-1~18.04ubuntu1.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5199-1

CVE-2021-3733, CVE-2021-3737

Severity
critical

