USN-5342-1
- Source
- https://ubuntu.com/security/notices/USN-5342-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-5342-1
- Upstream
- Related
- Published
- 2022-03-28T09:39:26.415991Z
- Modified
- 2025-10-13T04:35:50Z
- Summary
- python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
- Details
-
David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)
It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189)
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391)
- References
Affected packages
Ubuntu:18.04:LTS
python2.7
Package
- Name
- python2.7
- Purl
- pkg:deb/ubuntu/python2.7@2.7.17-1~18.04ubuntu1.7?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.17-1~18.04ubuntu1.7
Affected versions
2.*
2.7.14-2ubuntu2
2.7.14-4
2.7.14-6
2.7.14-7
2.7.14-8
2.7.15~rc1-1
2.7.15~rc1-1ubuntu0.1
2.7.15-4ubuntu4~18.04
2.7.15-4ubuntu4~18.04.1
2.7.15-4ubuntu4~18.04.2
2.7.17-1~18.04
2.7.17-1~18.04ubuntu1
2.7.17-1~18.04ubuntu1.1
2.7.17-1~18.04ubuntu1.2
2.7.17-1~18.04ubuntu1.3
2.7.17-1~18.04ubuntu1.5
2.7.17-1~18.04ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "idle-python2.7"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "libpython2.7"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "libpython2.7-dev"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "libpython2.7-minimal"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "libpython2.7-stdlib"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "libpython2.7-testsuite"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "python2.7"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "python2.7-dev"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "python2.7-examples"
},
{
"binary_version": "2.7.17-1~18.04ubuntu1.7",
"binary_name": "python2.7-minimal"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "low"
}
],
"id": "CVE-2021-3426"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2021-4189"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
python3.6
Package
- Name
- python3.6
- Purl
- pkg:deb/ubuntu/python3.6@3.6.9-1~18.04ubuntu1.7?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.9-1~18.04ubuntu1.7
Affected versions
3.*
3.6.3-1ubuntu1
3.6.4~rc1-1
3.6.4~rc1-2
3.6.4-1
3.6.4-2
3.6.4-3build1
3.6.4-4
3.6.5~rc1-1
3.6.5-3
3.6.6-1~18.04
3.6.7-1~18.04
3.6.8-1~18.04.1
3.6.8-1~18.04.2
3.6.8-1~18.04.3
3.6.9-1~18.04
3.6.9-1~18.04ubuntu1
3.6.9-1~18.04ubuntu1.1
3.6.9-1~18.04ubuntu1.3
3.6.9-1~18.04ubuntu1.4
3.6.9-1~18.04ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "idle-python3.6"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "libpython3.6"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "libpython3.6-dev"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "libpython3.6-minimal"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "libpython3.6-stdlib"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "libpython3.6-testsuite"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "python3.6"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "python3.6-dev"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "python3.6-examples"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "python3.6-minimal"
},
{
"binary_version": "3.6.9-1~18.04ubuntu1.7",
"binary_name": "python3.6-venv"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "low"
}
],
"id": "CVE-2021-3426"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2021-4189"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
Ubuntu:20.04:LTS
python3.8
Package
- Name
- python3.8
- Purl
- pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.4?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.10-0ubuntu1~20.04.4
Affected versions
3.*
3.8.0-1
3.8.0-2
3.8.0-3
3.8.0-4
3.8.0-5
3.8.1-2ubuntu3
3.8.2~rc1-1ubuntu1
3.8.2-1
3.8.2-1ubuntu1
3.8.2-1ubuntu1.1
3.8.2-1ubuntu1.2
3.8.5-1~20.04
3.8.5-1~20.04.2
3.8.5-1~20.04.3
3.8.10-0ubuntu1~20.04
3.8.10-0ubuntu1~20.04.1
3.8.10-0ubuntu1~20.04.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "idle-python3.8"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "libpython3.8"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "libpython3.8-dev"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "libpython3.8-minimal"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "libpython3.8-stdlib"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "libpython3.8-testsuite"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8-dev"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8-examples"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8-full"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8-minimal"
},
{
"binary_version": "3.8.10-0ubuntu1~20.04.4",
"binary_name": "python3.8-venv"
}
],
"availability": "No subscription required"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:Pro:14.04:LTS
python3.4
Package
- Name
- python3.4
- Purl
- pkg:deb/ubuntu/python3.4@3.4.3-1ubuntu1~14.04.7+esm12?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.3-1ubuntu1~14.04.7+esm12
Affected versions
3.*
3.4~b1-0ubuntu3
3.4~b1-4ubuntu4
3.4~b1-4ubuntu6
3.4~b1-5ubuntu2
3.4~b2-1
3.4~b3-1ubuntu1
3.4~rc1-1build1
3.4~rc2-1
3.4~rc3-0ubuntu1
3.4.0-1
3.4.0-2ubuntu1
3.4.0-2ubuntu1.1
3.4.3-1ubuntu1~14.04.1
3.4.3-1ubuntu1~14.04.3
3.4.3-1ubuntu1~14.04.4
3.4.3-1ubuntu1~14.04.5
3.4.3-1ubuntu1~14.04.6
3.4.3-1ubuntu1~14.04.7
3.4.3-1ubuntu1~14.04.7+esm2
3.4.3-1ubuntu1~14.04.7+esm4
3.4.3-1ubuntu1~14.04.7+esm6
3.4.3-1ubuntu1~14.04.7+esm7
3.4.3-1ubuntu1~14.04.7+esm8
3.4.3-1ubuntu1~14.04.7+esm10
3.4.3-1ubuntu1~14.04.7+esm11
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "idle-python3.4"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "libpython3.4"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "libpython3.4-dev"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "libpython3.4-minimal"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "libpython3.4-stdlib"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "libpython3.4-testsuite"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "python3.4"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "python3.4-dev"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "python3.4-examples"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "python3.4-minimal"
},
{
"binary_version": "3.4.3-1ubuntu1~14.04.7+esm12",
"binary_name": "python3.4-venv"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "low"
}
],
"id": "CVE-2021-3426"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2021-4189"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
Ubuntu:Pro:16.04:LTS
python2.7
Package
- Name
- python2.7
- Purl
- pkg:deb/ubuntu/python2.7@2.7.12-1ubuntu0~16.04.18+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.12-1ubuntu0~16.04.18+esm1
Affected versions
2.*
2.7.10-4ubuntu1
2.7.10-4ubuntu2
2.7.11-2
2.7.11-3
2.7.11-4
2.7.11-6
2.7.11-7
2.7.11-7ubuntu1
2.7.12-1~16.04
2.7.12-1ubuntu0~16.04.1
2.7.12-1ubuntu0~16.04.2
2.7.12-1ubuntu0~16.04.3
2.7.12-1ubuntu0~16.04.4
2.7.12-1ubuntu0~16.04.8
2.7.12-1ubuntu0~16.04.9
2.7.12-1ubuntu0~16.04.11
2.7.12-1ubuntu0~16.04.12
2.7.12-1ubuntu0~16.04.13
2.7.12-1ubuntu0~16.04.14
2.7.12-1ubuntu0~16.04.16
2.7.12-1ubuntu0~16.04.18
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "idle-python2.7"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "libpython2.7"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "libpython2.7-dev"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "libpython2.7-minimal"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "libpython2.7-stdlib"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "libpython2.7-testsuite"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "python2.7"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "python2.7-dev"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "python2.7-examples"
},
{
"binary_version": "2.7.12-1ubuntu0~16.04.18+esm1",
"binary_name": "python2.7-minimal"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "low"
}
],
"id": "CVE-2021-3426"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2021-4189"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
python3.5
Package
- Name
- python3.5
- Purl
- pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.13+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.2-2ubuntu0~16.04.13+esm2
Affected versions
3.*
3.5.0-3
3.5.0-3ubuntu1
3.5.1~rc1-2ubuntu1
3.5.1-1
3.5.1-2
3.5.1-3
3.5.1-5
3.5.1-6ubuntu1
3.5.1-6ubuntu2
3.5.1-9ubuntu1
3.5.1-10
3.5.2-2~16.01
3.5.2-2~16.04
3.5.2-2ubuntu0~16.04.1
3.5.2-2ubuntu0~16.04.2
3.5.2-2ubuntu0~16.04.3
3.5.2-2ubuntu0~16.04.4
3.5.2-2ubuntu0~16.04.5
3.5.2-2ubuntu0~16.04.8
3.5.2-2ubuntu0~16.04.9
3.5.2-2ubuntu0~16.04.10
3.5.2-2ubuntu0~16.04.11
3.5.2-2ubuntu0~16.04.12
3.5.2-2ubuntu0~16.04.13
3.5.2-2ubuntu0~16.04.13+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "idle-python3.5"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "libpython3.5"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "libpython3.5-dev"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "libpython3.5-minimal"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "libpython3.5-stdlib"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "libpython3.5-testsuite"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "python3.5"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "python3.5-dev"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "python3.5-examples"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "python3.5-minimal"
},
{
"binary_version": "3.5.2-2ubuntu0~16.04.13+esm2",
"binary_name": "python3.5-venv"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5342-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "low"
}
],
"id": "CVE-2021-3426"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2021-4189"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2022-0391"
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}