PT-2020-6227 · Canonical+1 · Python-Apt+2
Kevin Backhouse · Published 2020-12-09 · Updated 2021-01-11 · CVE-2020-27351
CVSS v3.1: 2.8 (Low)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
python-apt versions 1.1.0beta1 through 1.1.0beta1ubuntu0.16.04.9
python-apt versions 1.6.5ubuntu0 through 1.6.5ubuntu0.3
python-apt versions 2.0.0ubuntu0 through 2.0.0ubuntu0.20.04.1
python-apt versions 2.1.3ubuntu1 through 2.1.3ubuntu1.0
Description
The issue consists of memory and file descriptor leaks in the python-apt module, specifically in the files python/arfile.cc, python/tag.cc, and python/tarfile.cc. These leaks can lead to a denial of service. They occur because resources are not released after their effective lifetime has ended.
Recommendations
For python-apt versions 1.1.0beta1 through 1.1.0beta1ubuntu0.16.04.9, update to version 1.1.0~beta1ubuntu0.16.04.10 or later.
For python-apt versions 1.6.5ubuntu0 through 1.6.5ubuntu0.3, update to version 1.6.5ubuntu0.4 or later.
For python-apt versions 2.0.0ubuntu0 through 2.0.0ubuntu0.20.04.1, update to version 2.0.0ubuntu0.20.04.2 or later.
For python-apt versions 2.1.3ubuntu1 through 2.1.3ubuntu1.0, update to version 2.1.3ubuntu1.1 or later.
Fix
Missing Release of Resource after Effective Lifetime
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Python-Apt