drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in python-apt (Aktualisierung)
Name: |
Denial of Service in python-apt (Aktualisierung) |
|
ID: |
USN-4668-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10 |
|
Datum: |
Mo, 4. Januar 2021, 23:30 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
python-apt |
|
Update von: |
Denial of Service in python-apt |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5456327653147837817== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SChH3reTM3PKiWwzB3EKzmlYYyVnbegAa"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --SChH3reTM3PKiWwzB3EKzmlYYyVnbegAa Content-Type: multipart/mixed; boundary="mJtIFR9JfsFRQEaKDxlIlMaXzlK4ExYZ5"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <b161aaa3-4803-8f53-f2d1-e94bc08c8992@canonical.com> Subject: [USN-4668-3] python-apt regression
--mJtIFR9JfsFRQEaKDxlIlMaXzlK4ExYZ5 Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4668-3 January 04, 2021
python-apt regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
USN-4668-1 introduced a regression in python-apt.
Software Description: - python-apt: Python interface to libapt-pkg
Details:
USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: python3-apt 2.1.3ubuntu1.3
Ubuntu 20.04 LTS: python-apt 2.0.0ubuntu0.20.04.3 python3-apt 2.0.0ubuntu0.20.04.3
Ubuntu 18.04 LTS: python-apt 1.6.5ubuntu0.5 python3-apt 1.6.5ubuntu0.5
Ubuntu 16.04 LTS: python-apt 1.1.0~beta1ubuntu0.16.04.11 python3-apt 1.1.0~beta1ubuntu0.16.04.11
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4668-3 https://usn.ubuntu.com/4668-1 https://launchpad.net/bugs/1907676
Package Information: https://launchpad.net/ubuntu/+source/python-apt/2.1.3ubuntu1.3 https://launchpad.net/ubuntu/+source/python-apt/2.0.0ubuntu0.20.04.3 https://launchpad.net/ubuntu/+source/python-apt/1.6.5ubuntu0.5 https://launchpad.net/ubuntu/+source/python-apt/1.1.0~beta1ubuntu0.16.04.11
--mJtIFR9JfsFRQEaKDxlIlMaXzlK4ExYZ5--
--SChH3reTM3PKiWwzB3EKzmlYYyVnbegAa Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/zO64ACgkQZWnYVadE vpOXlA/+Molvd7lsZ0dNMVHI4fnjn+EDWsc1CBKb2PGYdp8p3/df2I6gDEkCOdxJ v/Z4z2DshlTB8b9nVH0PcxuojNuhhnSp+HlzvrjO3YpbNavjBa1TcOFYdVOrlBIH 14KJUeH/9fthQVPJ76q+fCzAxR3Ai5TrKUF+gOpTYouVQHPK31RdkkLwyv8gITdc AgTD9lzfPRcx7IkdZP2I/DCNe0ggJ7uPHBcimwqG/84z9614a7GAHQa1O090yx76 Ik7EsL8IrVUttNQjYzPxJ7swd6YaTcCdFMjvgG+b3yXeoHg5ISFddwBiFt97t3Fy 2BpySAPks3FP7aLkiHQmjHnxItzs3Hpw/zAT24PdRNjtoDPtWTep7+KbuWuLyBfU CmW1BjF3jcTQX1UXCyg054SRQjmQa0GKjdeeyEqCj4OnFvkvk9I0T0MjzEonYYDQ 9vtGlUtgPuArrbicqM2lS9jctLBuF3lIOeQZ7UKxT7iMQotBvxWJId8u+ct4LbFM eMkFV0lbB+A7zqXw7dI1xeH+3s+I1AIuCI/XYqGFAZRNRMTShPfnITWwdHGCG0Cl UJMxc5+mEDOwpnJsSq1+Uk/pBZaB+rLeFQi44uIU+o7YzKDu5NBynFolmW2xTU0L fVU75OZ9j+BQq7AsL24p2KYe5FVzOrc7e2nSmanwJFPBp+T6FiE= =+icG -----END PGP SIGNATURE-----
--SChH3reTM3PKiWwzB3EKzmlYYyVnbegAa--
--===============5456327653147837817== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============5456327653147837817==--
|
|
|
|