Ubuntu 5629-1: Python vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5629-1
September 22, 2022

python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Python could be made to redirect web traffic if its http.server
received a specially crafted request.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web 
traffic.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libpython3.5            3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-minimal    3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-stdlib     3.5.2-2ubuntu0~16.04.13+esm5
  python3.5               3.5.2-2ubuntu0~16.04.13+esm5
  python3.5-minimal       3.5.2-2ubuntu0~16.04.13+esm5

After a standard system update you need to restart the python3 
http.server to make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5629-1
   CVE-2021-28861
