- Vulnerability/
- USN-4428-1
USN-4428-1: Python vulnerabilities
First published: Wed Jul 22 2020(Updated: )
It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514) It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907) It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14422)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3.8 | <3.8.2-1ubuntu1.2 | 3.8.2-1ubuntu1.2 |
| =20.04 | ||
| All of | ||
| ubuntu/python3.8-minimal | <3.8.2-1ubuntu1.2 | 3.8.2-1ubuntu1.2 |
| =20.04 | ||
| All of | ||
| ubuntu/python2.7 | <2.7.17-1~18.04ubuntu1.1 | 2.7.17-1~18.04ubuntu1.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python2.7-minimal | <2.7.17-1~18.04ubuntu1.1 | 2.7.17-1~18.04ubuntu1.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python3.6 | <3.6.9-1~18.04ubuntu1.1 | 3.6.9-1~18.04ubuntu1.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python3.6-minimal | <3.6.9-1~18.04ubuntu1.1 | 3.6.9-1~18.04ubuntu1.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.12 | 2.7.12-1ubuntu0~16.04.12 |
| =16.04 | ||
| All of | ||
| ubuntu/python2.7-minimal | <2.7.12-1ubuntu0~16.04.12 | 2.7.12-1ubuntu0~16.04.12 |
| =16.04 | ||
| All of | ||
| ubuntu/python3.5 | <3.5.2-2ubuntu0~16.04.11 | 3.5.2-2ubuntu0~16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/python3.5-minimal | <3.5.2-2ubuntu0~16.04.11 | 3.5.2-2ubuntu0~16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/python2.7 | <2.7.6-8ubuntu0.6+esm6 | 2.7.6-8ubuntu0.6+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/python2.7-minimal | <2.7.6-8ubuntu0.6+esm6 | 2.7.6-8ubuntu0.6+esm6 |
| =14.04 | ||
| All of | ||
| ubuntu/python3.4 | <3.4.3-1ubuntu1~14.04.7+esm7 | 3.4.3-1ubuntu1~14.04.7+esm7 |
| =14.04 | ||
| All of | ||
| ubuntu/python3.4-minimal | <3.4.3-1ubuntu1~14.04.7+esm7 | 3.4.3-1ubuntu1~14.04.7+esm7 |
| =14.04 | ||
| All of | ||
| ubuntu/python2.7 | <2.7.3-0ubuntu3.18 | 2.7.3-0ubuntu3.18 |
| =12.04 | ||
| All of | ||
| ubuntu/python2.7-minimal | <2.7.3-0ubuntu3.18 | 2.7.3-0ubuntu3.18 |
| =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-20907
- https://ubuntu.com/security/CVE-2019-9674
- https://ubuntu.com/security/CVE-2019-17514
- https://ubuntu.com/security/CVE-2020-14422
- https://ubuntu.com/security/notices/USN-4754-3
- https://ubuntu.com/security/notices/USN-6891-1
- https://launchpad.net/ubuntu/+source/python3.8/3.8.2-1ubuntu1.2
- https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.1
- https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.1
- https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.12
- https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.11
- https://launchpad.net/ubuntu/+source/python2.7/2.7.6-8ubuntu0.6+esm6
- https://launchpad.net/ubuntu/+source/python3.4/3.4.3-1ubuntu1~14.04.7+esm7
- https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.18
- https://ubuntu.com/security/notices/USN-4428-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this Python vulnerability?
The vulnerability ID for this Python vulnerability is CVE-2019-17514.
Which versions of Ubuntu are affected by this Python vulnerability?
The affected versions of Ubuntu are 12.04 ESM, 14.04 ESM, 16.04 LTS, and 18.04 LTS.
What is the severity of CVE-2019-17514?
The severity of CVE-2019-17514 is not mentioned in the provided information.
What is the remedy for this Python vulnerability?
The remedy for this Python vulnerability is to update to version 3.8.2-1ubuntu1.2 for Python 3.8, version 2.7.17-1~18.04ubuntu1.1 for Python 2.7, or version 3.6.9-1~18.04ubuntu1.1 for Python 3.6.
Are there any additional references for this Python vulnerability?
Yes, you can find additional information about this Python vulnerability at the following references: [CVE-2019-20907](https://ubuntu.com/security/CVE-2019-20907), [CVE-2019-9674](https://ubuntu.com/security/CVE-2019-9674), [CVE-2019-17514](https://ubuntu.com/security/CVE-2019-17514).
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/description
- agent/event
- agent/references
- agent/tags
- agent/trending
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04