Python could be made to crash if it receives specially crafted input
from a malicious server.
Software Description:
- python3.7: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
Details:
It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex allowing for catastrophic backtracking. Specially
crafted traffic from a malicious HTTP server could cause a regular
expression denial of service (ReDoS) condition for a client.
(CVE-2020-8492)

It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex with a quadratic worst-case time complexity.
Specially crafted traffic from a malicious HTTP server could cause a
regular expression denial of service (ReDoS) condition for a client.
(CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an
infinite loop when incorrectly handling certai...
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libpython3.7-stdlib   3.7.5-2ubuntu1~18.04.2
  libpython3.8-stdlib   3.8.0-3ubuntu1~18.04.2
  python3.7             3.7.5-2ubuntu1~18.04.2
  python3.7-minimal     3.7.5-2ubuntu1~18.04.2
  python3.8             3.8.0-3ubuntu1~18.04.2
  python3.8-minimal     3.8.0-3ubuntu1~18.04.2

In general, a standard system update will make all the necessary changes.
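
To confirm that a host really carries the fixed packages, the following added example (not part of the Ubuntu notice) compares installed versions against the package list above using Debian version ordering, in which `~` sorts before everything, including the end of the string. The function names and the sample listing are constructed for illustration.

```python
import re

# Fixed versions for Ubuntu 18.04 LTS, taken from the package list above.
V37, V38 = "3.7.5-2ubuntu1~18.04.2", "3.8.0-3ubuntu1~18.04.2"
FIXED = {"libpython3.7-stdlib": V37, "python3.7": V37, "python3.7-minimal": V37,
         "libpython3.8-stdlib": V38, "python3.8": V38, "python3.8-minimal": V38}

def _rank(ch):
    # dpkg ordering: '~' sorts before end-of-string (0); letters sort before other symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_field(a, b):
    # Alternate between a non-digit run (ranked per character) and a digit run (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ra, rb = (_rank(s[i]) if i < len(s) else 0 for s in (na, nb))
            if ra != rb:
                return -1 if ra < rb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision starts after the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, dash, revision = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (revision if dash else "")

def deb_cmp(a, b):
    """Return <0, 0 or >0 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_field(ua, ub) or _cmp_field(ra, rb)

def unpatched(listing):
    """Map package -> installed version for FIXED packages older than the fix."""
    rows = (line.split() for line in listing.splitlines())
    found = {r[0]: r[1] for r in rows if len(r) >= 2}
    return {p: v for p, v in found.items() if p in FIXED and deb_cmp(v, FIXED[p]) < 0}

# Constructed sample, in the format printed by: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """python3.7 3.7.5-2~18.04.4
python3.8 3.8.0-3~18.04.1
python3.8-minimal 3.8.0-3ubuntu1~18.04.2
libpython3.8-stdlib 3.8.10-0ubuntu1~18.04
"""
```

Pass `unpatched()` the real `dpkg-query` output from a host; an empty result means no installed package from the list is below its fixed version.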
https://ubuntu.com/security/notices/USN-5200-1
CVE-2020-8492, CVE-2021-3733, CVE-2021-3737