First published: Fri Dec 17 2021
It was discovered that the Python urllib HTTP client could enter an infinite loop when incorrectly handling certain server responses (100 Continue responses). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client.
Affected Software | Ubuntu Release | Affected Version | How to fix (upgrade to) |
---|---|---|---|
ubuntu/python3.9-minimal | 21.04 | <3.9.5-3ubuntu0~21.04.1 | 3.9.5-3ubuntu0~21.04.1 |
ubuntu/libpython3.9-stdlib | 21.04 | <3.9.5-3ubuntu0~21.04.1 | 3.9.5-3ubuntu0~21.04.1 |
ubuntu/python3.9 | 21.04 | <3.9.5-3ubuntu0~21.04.1 | 3.9.5-3ubuntu0~21.04.1 |
ubuntu/python3.9-minimal | 20.04 | <3.9.5-3ubuntu0~20.04.1 | 3.9.5-3ubuntu0~20.04.1 |
ubuntu/python3.9 | 20.04 | <3.9.5-3ubuntu0~20.04.1 | 3.9.5-3ubuntu0~20.04.1 |
ubuntu/libpython3.8-stdlib | 20.04 | <3.8.10-0ubuntu1~20.04.2 | 3.8.10-0ubuntu1~20.04.2 |
ubuntu/python3.8 | 20.04 | <3.8.10-0ubuntu1~20.04.2 | 3.8.10-0ubuntu1~20.04.2 |
ubuntu/python3.8-minimal | 20.04 | <3.8.10-0ubuntu1~20.04.2 | 3.8.10-0ubuntu1~20.04.2 |
ubuntu/libpython3.9-stdlib | 20.04 | <3.9.5-3ubuntu0~20.04.1 | 3.9.5-3ubuntu0~20.04.1 |
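
The table above turned into a check, as an added example that is not part of the advisory: it compares installed package versions against the listed fixes using a Python re-implementation of Debian version ordering, where `~` sorts before everything, including the end of the string. The helper names and the installed versions in `SAMPLE` are constructed for illustration.

```python
import re
def _pkgs(minor, fix):
    return {n.format(minor): fix for n in ("python{}", "python{}-minimal", "libpython{}-stdlib")}
# Fixed versions from the advisory table: release -> package -> first fixed version.
FIXED = {
    "21.04": _pkgs("3.9", "3.9.5-3ubuntu0~21.04.1"),
    "20.04": {**_pkgs("3.9", "3.9.5-3ubuntu0~20.04.1"), **_pkgs("3.8", "3.8.10-0ubuntu1~20.04.2")},
}

def _order(c):
    # dpkg weights: digit/end = 0, '~' below everything, letters before other symbols.
    if c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit run character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            x = _order(a[i]) if i < len(a) else 0
            y = _order(b[j]) if j < len(b) else 0
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        # Compare the following digit run numerically (an empty run counts as 0).
        m, n = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(m or 0) != int(n or 0):
            return -1 if int(m or 0) < int(n or 0) else 1
        i, j = i + len(m), j + len(n)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return epoch, upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    return next((r for r in map(_cmp_part, _split(a), _split(b)) if r), 0)

def audit(release, installed):
    """Return the packages whose installed version is below the advisory's fix."""
    fixes = FIXED.get(release, {})
    return sorted(p for p, v in installed.items() if p in fixes and compare(v, fixes[p]) < 0)

# Constructed sample input (not real host data).
SAMPLE = {"python3.8": "3.8.10-0ubuntu1~20.04", "python3.9": "3.9.5-3ubuntu0~20.04.1", "bash": "5.0-6ubuntu1.1"}
```

On a host with dpkg, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.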
The vulnerability ID for this advisory is USN-5201-1.
The title of the advisory is USN-5201-1: Python vulnerabilities.
The Python urllib HTTP client could enter an infinite loop when incorrectly handling certain server responses, causing a denial of service (DoS) condition for a client.
The vulnerability affects Ubuntu 21.04 and Ubuntu 20.04.
You can find more information about the vulnerability in the following references: [CVE-2021-3737](https://ubuntu.com/security/CVE-2021-3737), [USN-5083-1](https://ubuntu.com/security/notices/USN-5083-1), [USN-5199-1](https://ubuntu.com/security/notices/USN-5199-1).