USN-5083-1: Python vulnerabilities

16 September 2021

Several security issues were fixed in Python.

Releases

Packages

python3.4 - An interactive high-level object-oriented language
python3.5 - An interactive high-level object-oriented language

Details

It was discovered that Python incorrectly handled certain RFCs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733)

It was discovered that Python incorrectly handled certain
server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2021-3737)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

python3.5 - 3.5.2-2ubuntu0~16.04.13+esm1
Available with UA Infra or UA Desktop
python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm1
Available with UA Infra or UA Desktop

Ubuntu 14.04

python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm11
Available with UA Infra or UA Desktop
python3.4 - 3.4.3-1ubuntu1~14.04.7+esm11
Available with UA Infra or UA Desktop

In general, a standard system update will make all the necessary changes.

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›