Showing 1 - 2 of 2

CVE-2019-9674

Status Candidate

Overview

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

Ubuntu Security Notice USN-4754-3: Posted Mar 12, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.; tags | advisory, remote, denial of service, vulnerability, python; systems | linux, ubuntu; advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492; SHA-256 | 6c0e7ce6beab30b21a9bdb915fb21f53cfb96f785e275b6012bfe9f6b58e015f; Download | Favorite | View

Ubuntu Security Notice USN-4428-1: Posted Jul 22, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4428-1 - It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, python; systems | linux, ubuntu; advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-14422; SHA-256 | bd0ca3aa125b7eb221c2efb45192de20cbb57e4b69e622b348f061fab6792867; Download | Favorite | View

Page 1 of 1 Back 1 Next