USN-5629-1: Python vulnerability
22 September 2022
Python could be made to redirect web traffic if its http.server received a specially crafted request.
Releases
Packages
- python3.5 - An interactive high-level object-oriented language
Details
It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web traffic.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
- libpython3.5-stdlib - 3.5.2-2ubuntu0~16.04.13+esm5 (Available with Ubuntu Pro)
- libpython3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5 (Available with Ubuntu Pro)
- python3.5 - 3.5.2-2ubuntu0~16.04.13+esm5 (Available with Ubuntu Pro)
- python3.5-minimal - 3.5.2-2ubuntu0~16.04.13+esm5 (Available with Ubuntu Pro)
- libpython3.5 - 3.5.2-2ubuntu0~16.04.13+esm5 (Available with Ubuntu Pro)
After a standard system update you need to restart the python3 http.server
to make all the necessary changes.
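One way to confirm a host has reached the fixed version listed above, as an added example that is not part of the Ubuntu notice: it compares installed versions against the fixed version using Debian version ordering, where `~` sorts before everything and a `+esm5` suffix sorts after the bare revision. The function names and the sample `dpkg-query` output are constructed for this example.

```python
import re

FIXED = "3.5.2-2ubuntu0~16.04.13+esm5"  # fixed version stated in the notice
PACKAGES = ["libpython3.5-stdlib", "libpython3.5-minimal", "python3.5",
            "python3.5-minimal", "libpython3.5"]

def _order(c):
    # dpkg ordering: '~' sorts before end of string, letters before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does
    while a or b:
        (na, da), (nb, db) = (re.match(r"(\D*)(\d*)", s).groups() for s in (a, b))
        a, b = a[len(na + da):], b[len(nb + db):]
        # Pad the shorter non-digit run with 0 (end of run), then append the number
        ka = [_order(c) for c in na] + [0] * (len(nb) - len(na)) + [int(da or 0)]
        kb = [_order(c) for c in nb] + [0] * (len(na) - len(nb)) + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_output):
    """Map each package from the notice to 'fixed', 'vulnerable' or 'not installed'."""
    installed = dict(p for p in (l.split() for l in dpkg_output.splitlines()) if len(p) == 2)
    return {pkg: "not installed" if pkg not in installed
            else "vulnerable" if deb_cmp(installed[pkg], FIXED) < 0 else "fixed"
            for pkg in PACKAGES}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """python3.5 3.5.2-2ubuntu0~16.04.13
python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm5
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm4
libpython3.5-stdlib 3.5.2-2ubuntu0~16.04.13+esm6
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live system, `dpkg --compare-versions` applies the same ordering to the real package database.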
References
Related notices
- USN-5888-1: idle-python3.9, python3.9-minimal, python3.9-examples, python3.9-venv, libpython3.9, libpython3.9-minimal, python3.9, python3.9-full, libpython3.9-stdlib, python3.9-dev, libpython3.9-testsuite, python3.9-doc, libpython3.9-dev