Ubuntu update for python2.7
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-17514 CVE-2019-20907 CVE-2019-9674 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 CVE-2021-3177 |
| CWE-ID | CWE-20 CWE-835 CWE-400 CWE-93 CWE-94 CWE-399 CWE-119 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system python2.7-minimal (Ubuntu package) Operating systems & Components / Operating system package or component python2.7 (Ubuntu package) Operating systems & Components / Operating system package or component python3.7-minimal (Ubuntu package) Operating systems & Components / Operating system package or component python3.7 (Ubuntu package) Operating systems & Components / Operating system package or component python3.8-minimal (Ubuntu package) Operating systems & Components / Operating system package or component python3.8 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU35161
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17514
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU32881
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20907
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU25630
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9674
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Lib/zipfile.py in Python when processing ZIP archives. A remote attacker can pass a specially crafted .zip archive to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) CRLF injection
EUVDB-ID: #VU48592
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26116
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Code Injection
EUVDB-ID: #VU50621
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27619
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to Python executed eval() function on the code, retrieved via HTTP protocol in Lib/test/multibytecodec_support.py CJK codec tests. A remote attacker with ability to intercept network traffic can perform a Man-in-the-Middle (MitM) attack and execute arbitrary Python code on the system.
Update the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU25631
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-8492
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib.request.AbstractBasicAuthHandler when processing HTTP responses. A remote attacker who controls a HTTP server can send a specially crafted HTTP response to the client application and conduct Regular Expression Denial of Service (ReDoS) attack.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Buffer overflow
EUVDB-ID: #VU49973
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to the Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package python2.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
python2.7-minimal (Ubuntu package): before 2.7.18-1~20.04.1
python2.7 (Ubuntu package): before 2.7.18-1~20.04.1
python3.7-minimal (Ubuntu package): before 3.7.5-2~18.04.4
python3.7 (Ubuntu package): before 3.7.5-2~18.04.4
python3.8-minimal (Ubuntu package): before 3.8.0-3~18.04.1
python3.8 (Ubuntu package): before 3.8.0-3~18.04.1
External linkshttp://ubuntu.com/security/notices/USN-4754-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
