Ubuntu 18.04 LTS: USN-5200-1 Critical: Python DoS Issues

December 17, 2021
Security alert for Ubuntu 18.04 LTS focusing on vulnerabilities in Python that could compromise both integrity and overall system performance.

Summary

Python could be made to crash if it receives specially crafted input from a malicious server.

Software Description:

- python3.7: An interactive high-level object-oriented language

- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492)

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certai...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   libpython3.7-stdlib    3.7.5-2ubuntu1~18.04.2
   libpython3.8-stdlib    3.8.0-3ubuntu1~18.04.2
   python3.7              3.7.5-2ubuntu1~18.04.2
   python3.7-minimal      3.7.5-2ubuntu1~18.04.2
   python3.8              3.8.0-3ubuntu1~18.04.2
   python3.8-minimal      3.8.0-3ubuntu1~18.04.2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5200-1

  CVE-2020-8492, CVE-2021-3733, CVE-2021-3737

Severity
critical

Package Information

  https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2
  https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2
