USN-4754-4: Python 2.7 vulnerability

03 March 2021

Python could be made to execute arbitrary code or denial of service if it received a specially crafted input.

Releases

Packages

  • python2.7 - An interactive high-level object-oriented language

Details

USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a
subsequent update removed the fix for CVE-2021-3177. This update reinstates
the security fix for CVE-2021-3177.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References

Related notices

  • USN-4754-1: python3.8-minimal, python3.5, python3.5-minimal, python3.6, python2.7, python3.4-minimal, python2.7-minimal, python3.8, python3.6-minimal, python3.4
  • USN-4754-3: python3.8-minimal, python3.7-minimal, python3.7, python2.7, python3.8, python2.7-minimal