Python had several vulnerabilities that could even drain the battery of our computers

Python repaired in Ubuntu

There is no perfect operating system, and no software is free from vulnerabilities. This week, Canonical has published details of several vulnerabilities in Python, the well-known programming language that can run on practically any operating system, be it Linux, macOS, Windows, mobile platforms or the Internet of Things (IoT). As always, the company that develops the operating system that gives this blog its name published the information only after fixing the problems.

The vulnerabilities affect all versions of Ubuntu that enjoy official support, which are currently Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 Bionic Beaver and Ubuntu 16.04 Xenial Xerus, although not every bug affects every release. In total, 8 vulnerabilities have been fixed, six of medium priority and two of low priority. None affect Ubuntu 19.10, which will be released in mid-October. UPDATED: There are also patches for Ubuntu 14.04 ESM and Ubuntu 12.04 ESM.

Python vulnerabilities fixed this week

  • CVE-2018-20406: Python mishandled certain pickle files. An attacker could use this flaw to consume memory, resulting in a denial of service (DoS). This bug only affects Ubuntu 16.04 and Ubuntu 18.04.
  • CVE-2018-20852: Python incorrectly validated the domain when handling cookies. An attacker could use this to trick Python into sending cookies to the wrong domain.
  • CVE-2019-10160, CVE-2019-9636: Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could use this to obtain sensitive information.
  • CVE-2019-5010: Python incorrectly handled parsing of certain X509 certificates. An attacker could use this to cause Python to crash, resulting in a denial of service (DoS). This bug affected Ubuntu 18.04 and Ubuntu 16.04.
  • CVE-2019-9740, CVE-2019-9947: Python mishandled certain URLs. An attacker could use this to perform CRLF injection attacks.
  • CVE-2019-9948: Python incorrectly handled the local_file: scheme, which a remote attacker could use to bypass blacklist mechanisms.
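Two of the bugs above (CRLF injection via mishandled URLs, and a `local_file:` scheme slipping past a blacklist) share a defensive lesson: validate URLs before handing them to `urllib`, and allow-list schemes instead of blacklisting them. The following is an added example written for this article, not code from Python or from Canonical's advisory; the allowed-scheme set and the sample URLs are constructed assumptions.

```python
"""Defensive URL validation before handing a string to urllib (added example).

Assumptions (not from the article): only http and https are acceptable,
so any other scheme, including a 'local_file:' scheme, is rejected outright.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # an allow-list, not a blacklist


def has_control_chars(s: str) -> bool:
    """True if s contains CR, LF or any other ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in s)


def is_safe_url(url: str) -> bool:
    """Return True only for http(s) URLs that carry no control characters.

    Rejecting control characters blocks CRLF sequences that could otherwise
    end up inside the request line or headers; allow-listing the scheme means
    an unexpected scheme never has to be matched against a deny-list at all.
    """
    if has_control_chars(url):
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not parts.hostname:  # e.g. "https:///path" has no host at all
        return False
    return True


def check_urls(urls):
    """Classify each URL; returns a dict mapping url -> allowed (bool)."""
    return {u: is_safe_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample inputs; they are not taken from the advisory.
    samples = [
        "https://example.com/path?q=1",
        "http://example.com/",
        "local_file:///etc/hostname",
        "http://example.com/\r\nInjected: header",
        "ftp://example.com/file",
        "https:///no-host",
    ]
    for url, ok in check_urls(samples).items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {url!r}")
```

Run it directly to see each sample classified. The control-character check runs before `urlsplit` on purpose: newer Python releases silently strip newlines and tabs from URLs during parsing, so checking the raw string is the only way to notice that they were ever present.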

As mentioned above, Canonical has already fixed all the vulnerabilities covered in this article in Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04. All we have to do is open the software center (or the update tool of our distribution) and apply the updates. Once applied, you will need to restart your computer to ensure that the patches take effect.

