USN-4428-1: Python vulnerabilities

22 July 2020

Several security issues were fixed in Python.

Releases

Packages

  • python2.7 - An interactive high-level object-oriented language
  • python3.4 - An interactive high-level object-oriented language
  • python3.5 - An interactive high-level object-oriented language
  • python3.6 - An interactive high-level object-oriented language
  • python3.8 - Interactive high-level object-oriented language (version 3.8)

Details

It was discovered that Python documentation had a misleading information.
A security issue could be possibly caused by wrong assumptions of this information.
This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-17514)

It was discovered that Python incorrectly handled certain TAR archives.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2019-20907)

It was discovered that incorrectly handled certain ZIP files. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-9674)

It was discovered that Python incorrectly handled certain IP values.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14422)

Related notices

  • USN-4754-3: python2.7, libpython3.8-minimal, libpython3.8, python3.7-doc, libpython3.7-minimal, python3.7-minimal, libpython3.7-dev, libpython2.7, python3.7-examples, python2.7-doc, python3.7, python2.7-examples, libpython2.7-dev, python3.8-venv, idle-python3.8, python3.8-dev, libpython2.7-testsuite, python3.8-minimal, python3.7-dev, libpython3.7-testsuite, python3.8-examples, python2.7-dev, libpython3.8-testsuite, libpython3.8-dev, idle-python2.7, libpython2.7-stdlib, libpython3.7-stdlib, libpython2.7-minimal, python3.7-venv, libpython3.7, libpython3.8-stdlib, python2.7-minimal, python3.8, idle-python3.7