Debian 10225 Published by

A python-ipaddress security update has been released for Debian GNU/Linux 9 Extended LTS to address a potential denial of service (DoS) vulnerability.



ELA-859-1 python-ipaddress security update

Package : python-ipaddress
Version : 1.0.17-1+deb9u1 (stretch)

Related CVEs :
CVE-2020-14422

A potential denial of service (DoS) vulnerability was discovered in
python-ipaddress, a backport of Python 3’s ipaddress module for creating
and manipulating IPv4 and IPv6 internet addresses (eg. 127.0.0.1).
This was caused by improperly computing hash values in the IPv4Interface and
IPv6Interface classes: if an application was affected by the performance of a
dictionary containing IPv4Interface or IPv6Interface objects, an attacker
could have caused many dictionary entries to be created.

ELA-859-1 python-ipaddress security update