Your submission was sent successfully! Close

USN-5201-1: Python vulnerabilities

17 December 2021

Python could be made to crash if it receives specially crafted input from a malicious server.

Releases

Packages

  • python3.8 - An interactive high-level object-oriented language
  • python3.9 - Interactive high-level object-oriented language (version 3.9)

Details

It was discovered that the Python urllib http client could enter into an infinite
loop when incorrectly handling certain server responses (100 Continue response).
Specially crafted traffic from a malicious HTTP server could cause a denial of
service (Dos) condition for a client.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04

In general, a standard system update will make all the necessary changes.

References

Related notices

  • USN-5083-1: python3.4-dev, python3.5-dev, python3.4-venv, libpython3.4-dev, libpython3.5-testsuite, python3.4-minimal, idle-python3.4, libpython3.5-minimal, python3.4-doc, libpython3.4-minimal, python3.5-examples, python3.5-minimal, libpython3.4, libpython3.5-dev, libpython3.4-stdlib, python3.4-examples, python3.5, libpython3.5, python3.5-venv, python3.4, libpython3.4-testsuite, python3.5-doc, libpython3.5-stdlib, idle-python3.5
  • USN-5199-1: libpython3.6-dev, libpython3.6, libpython3.6-testsuite, python3.6, python3.6-venv, libpython3.6-minimal, python3.6-examples, python3.6-doc, python3.6-dev, idle-python3.6, python3.6-minimal, libpython3.6-stdlib
  • USN-5200-1: idle-python3.8, python3.8-examples, python3.8-minimal, python3.7-minimal, libpython3.8-minimal, libpython3.8-dev, python3.7, python3.7-venv, python3.8, idle-python3.7, libpython3.7-stdlib, python3.7-examples, libpython3.8, libpython3.7-dev, libpython3.7-minimal, libpython3.7-testsuite, libpython3.8-stdlib, libpython3.8-testsuite, python3.8-venv, python3.7-doc, libpython3.7, python3.8-dev, python3.7-dev