Ubuntu 6614 Published by

A Python security update has been released for Ubuntu Linux 16.04 ESM.



USN-5629-1: Python vulnerability


==========================================================================
Ubuntu Security Notice USN-5629-1
September 22, 2022

python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Python could be made to redirect web traffic if its http.server
received a specially crafted request.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web traffic.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm5
libpython3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm5
libpython3.5-stdlib 3.5.2-2ubuntu0~16.04.13+esm5
python3.5 3.5.2-2ubuntu0~16.04.13+esm5
python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm5

After a standard system update you need to restart the python3 http.server to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5629-1
CVE-2021-28861