USN-5629-1: Python vulnerability
22 September 2022
Python could be made to redirect web traffic if its http.server received a specially crafted request.
- python3.5 - An interactive high-level object-oriented language
It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web traffic.
The problem can be corrected by updating your system to the following package versions:
- libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm5
- libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5
- python3.5 - 3.5.2-2ubuntu0~16.04.13+esm5
- python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5
- libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm5
After a standard system update you need to restart the python3 http.server
to make all the necessary changes.