USN-4754-5: Python vulnerability
8 February 2022
Python could be made to execute arbitrary code or denial of service if it received a specially crafted input.
Releases
Packages
- python2.7 - An interactive high-level object-oriented language
Details
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a
subsequent update removed the fix for CVE-2021-3177. This update reinstates
the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
-
python2.7
-
2.7.6-8ubuntu0.6+esm10
Available with Ubuntu Pro
-
python2.7-minimal
-
2.7.6-8ubuntu0.6+esm10
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4754-1: libpython3.5-testsuite, python3.5-examples, python3.6-dev, python3.6-venv, libpython3.5-stdlib, libpython2.7-minimal, python3.4-examples, python3.5-venv, libpython3.8-minimal, libpython3.4-minimal, libpython3.4-stdlib, python3.6-doc, python3.8-examples, idle-python3.4, libpython3.8-dev, python2.7-dev, python3.8-dev, python3.8-doc, libpython3.6, idle-python2.7, libpython3.6-dev, python2.7-minimal, libpython3.6-minimal, libpython2.7, libpython3.5-minimal, libpython3.8, python3.4-dev, python3.8-venv, libpython3.4-testsuite, python3.5-doc, python3.8, libpython3.5-dev, python3.5-dev, libpython3.4, libpython3.6-testsuite, idle-python3.5, libpython2.7-stdlib, libpython3.8-testsuite, idle-python3.8, libpython3.4-dev, python3.4-doc, libpython3.8-stdlib, python3.6-examples, python3.6-minimal, libpython3.5, python2.7-examples, python3.5-minimal, idle-python3.6, libpython2.7-dev, python2.7-doc, python3.5, python3.4-venv, libpython3.6-stdlib, python3.4, python3.8-minimal, libpython2.7-testsuite, python3.6, python2.7, python3.4-minimal
- USN-4754-4: libpython2.7-dev, python2.7-doc, python2.7-dev, libpython2.7-stdlib, idle-python2.7, python2.7-minimal, libpython2.7-minimal, libpython2.7, libpython2.7-testsuite, python2.7, python2.7-examples
- USN-4754-3: python3.7-examples, libpython3.7, libpython2.7-minimal, libpython3.8-minimal, python3.8-examples, python3.7-minimal, libpython3.8-dev, python2.7-dev, python3.8-dev, python3.7, idle-python2.7, libpython3.7-testsuite, libpython3.7-minimal, python2.7-minimal, libpython2.7, libpython3.8, python3.8-venv, python3.8, libpython3.7-dev, libpython3.7-stdlib, python3.7-dev, python3.7-venv, libpython2.7-stdlib, idle-python3.7, libpython3.8-testsuite, idle-python3.8, python3.7-doc, libpython3.8-stdlib, python2.7-examples, libpython2.7-dev, python2.7-doc, python3.8-minimal, libpython2.7-testsuite, python2.7