|
|
Subscribe / Log in / New account

Ubuntu alert USN-5629-1 (python3.5)



From:
              Ian Constantin <ian.constantin@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-5629-1] Python vulnerability


Date:
              Thu, 22 Sep 2022 15:40:25 -0400


Message-ID:
              <491bf056-3435-aa3b-ba95-a9ebec6d968e@canonical.com>


==========================================================================
Ubuntu Security Notice USN-5629-1
September 22, 2022

python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Python could be made to redirect web traffic if its http.server
received a specially crafted request.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web 
traffic.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libpython3.5                         3.5.2-2ubuntu0~16.04.13+esm5
   libpython3.5-minimal            3.5.2-2ubuntu0~16.04.13+esm5
   libpython3.5-stdlib                3.5.2-2ubuntu0~16.04.13+esm5
   python3.5                             3.5.2-2ubuntu0~16.04.13+esm5
   python3.5-minimal                3.5.2-2ubuntu0~16.04.13+esm5

After a standard system update you need to restart the python3 
http.server to make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5629-1
   CVE-2021-28861
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds