Stay Secure with the Latest Linux Advisories

security advisoryDoSubuntu

Ubuntu 18.04 LTS: USN-5200-1 Critical: Python DoS Issues

Python could be made to crash if it receives specially crafted input from a malicious server.. =========================================================================Ubuntu Security Notice USN-5200-1 December 17, 2021 python3.7, python3.8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Python could be made to crash if it receives specially crafted input from a malicious server. Software Description: - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492) It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2 libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2 python3.7 3.7.5-2ubuntu1~18.04.2 python3.7-minimal 3.7.5-2ubuntu1~18.04.2 python3.8 3.8.0-3ubuntu1~18.04.2 python3.8-minimal 3.8.0-3ubuntu1~18.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5200-1 CVE-2020-8492, CVE-2021-3733, CVE-2021-3737 Package Information: https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2 https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2 . Security alert for Ubuntu 18.04 LTS focusing on vulnerabilities in Python that could compromise both integrity and overall system performance.. Python Security, Denial of Service, Ubuntu Vulnerabilities, Input Handling, Regex Issues. . Severity: Critical. LinuxSecurity.com Team

Dec 17, 2021 •Critical Ubuntu