Debian 10263 Published by

A python-apt security update has been released for Debian GNU/Linux 10 to address out-of-bounds reads resulting in denial of service when processing malformed deb files.



DSA 4809-1: python-apt security update



- -------------------------------------------------------------------------
Debian Security Advisory DSA-4809-1 security@debian.org
  https://www.debian.org/security/ Salvatore Bonaccorso
December 09, 2020   https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : python-apt
CVE ID : CVE-2020-27351

Various memory and file descriptor leaks were discovered in the Python
interface to the APT package management runtime library, which could
result in denial of service.

For the stable distribution (buster), this problem has been fixed in
version 1.8.4.2.

We recommend that you upgrade your python-apt packages.

For the detailed security status of python-apt please refer to its
security tracker page at:
  https://security-tracker.debian.org/tracker/python-apt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://www.debian.org/security/