USN-5201-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5201-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5201-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5201-1

Related

Published

2021-12-17T15:10:44.332712Z

Modified

2021-12-17T15:10:44.332712Z

Summary

python3.8, python3.9 vulnerabilities

Details

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (Dos) condition for a client.

References

Affected packages

Ubuntu:20.04:LTS / python3.8

Package

Name: python3.8
Purl: pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.10-0ubuntu1~20.04.2

Affected versions

3.*

3.8.0-1

3.8.0-2

3.8.0-3

3.8.0-4

3.8.0-5

3.8.1-2ubuntu3

3.8.2~rc1-1ubuntu1

3.8.2-1

3.8.2-1ubuntu1

3.8.2-1ubuntu1.1

3.8.2-1ubuntu1.2

3.8.5-1~20.04

3.8.5-1~20.04.2

3.8.5-1~20.04.3

3.8.10-0ubuntu1~20.04

3.8.10-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libpython3.8": "3.8.10-0ubuntu1~20.04.2",
            "libpython3.8-minimal": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-dbg": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-doc": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-minimal": "3.8.10-0ubuntu1~20.04.2",
            "libpython3.8-testsuite": "3.8.10-0ubuntu1~20.04.2",
            "idle-python3.8": "3.8.10-0ubuntu1~20.04.2",
            "libpython3.8-dbg": "3.8.10-0ubuntu1~20.04.2",
            "python3.8": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-venv": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-full": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-examples": "3.8.10-0ubuntu1~20.04.2",
            "libpython3.8-stdlib": "3.8.10-0ubuntu1~20.04.2",
            "python3.8-dev": "3.8.10-0ubuntu1~20.04.2",
            "libpython3.8-dev": "3.8.10-0ubuntu1~20.04.2"
        }
    ]
}

Ubuntu:20.04:LTS / python3.9

Package

Name: python3.9
Purl: pkg:deb/ubuntu/python3.9@3.9.5-3ubuntu0~20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.5-3ubuntu0~20.04.1

Affected versions

3.*

3.9.0~rc1-1~20.04

3.9.0-5~20.04

3.9.5-3~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libpython3.9": "3.9.5-3ubuntu0~20.04.1",
            "libpython3.9-stdlib": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-dbg": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-venv": "3.9.5-3ubuntu0~20.04.1",
            "libpython3.9-dbg": "3.9.5-3ubuntu0~20.04.1",
            "idle-python3.9": "3.9.5-3ubuntu0~20.04.1",
            "python3.9": "3.9.5-3ubuntu0~20.04.1",
            "libpython3.9-minimal": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-dev": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-examples": "3.9.5-3ubuntu0~20.04.1",
            "libpython3.9-dev": "3.9.5-3ubuntu0~20.04.1",
            "libpython3.9-testsuite": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-doc": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-full": "3.9.5-3ubuntu0~20.04.1",
            "python3.9-minimal": "3.9.5-3ubuntu0~20.04.1"
        }
    ]
}