Ubuntu 21.04 & 20.04 LTS: USN-5201-1 Severe: Python DoS Issue

December 17, 2021
Discover the recent Ubuntu Security Notice USN-5201-1 about Python vulnerabilities and find out how to update your packages to maintain server stability and prevent outages.

Summary

Python could be made to crash if it receives specially crafted input from a malicious server.

Software Description:

- python3.9: Interactive high-level object-oriented language (version 3.9)

- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the Python urllib HTTP client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
   libpython3.9-stdlib   3.9.5-3ubuntu0~21.04.1
   python3.9             3.9.5-3ubuntu0~21.04.1
   python3.9-minimal     3.9.5-3ubuntu0~21.04.1

Ubuntu 20.04 LTS:
   libpython3.8-stdlib   3.8.10-0ubuntu1~20.04.2
   libpython3.9-stdlib   3.9.5-3ubuntu0~20.04.1
   python3.8             3.8.10-0ubuntu1~20.04.2
   python3.8-minimal     3.8.10-0ubuntu1~20.04.2
   python3.9             3.9.5-3ubuntu0~20.04.1
   python3.9-minimal     3.9.5-3ubuntu0~20.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5201-1

CVE-2021-3737

Severity
critical