GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Jan 25, 2021 12:26 am Post subject: [ GLSA 202101-18 ] Python |
 |
|
Gentoo Linux Security Advisory
Title: Python: Multiple vulnerabilities (GLSA 202101-18)
Severity: normal
Exploitable: remote
Date: 2021-01-24
Bug(s): #749339, #759928, #766189
ID: 202101-18
Synopsis
Multiple vulnerabilities have been found in Python, the worst of
which could result in the arbitrary execution of code.
Background
Python is an interpreted, interactive, object-oriented programming
language.
Affected Packages
Package: dev-lang/python
Vulnerable: < 2.7.18-r6
Vulnerable: < 3.6.12-r2
Vulnerable: < 3.7.9-r2
Vulnerable: < 3.8.7-r1
Vulnerable: < 3.9.1-r1
Unaffected: >= 2.7.18-r6
Unaffected: >= 3.6.12-r2
Unaffected: >= 3.7.9-r2
Unaffected: >= 3.8.7-r1
Unaffected: >= 3.9.1-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Python. Please review
the bugs referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Python 2.7 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18-r5"
|
All Python 3.6 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.12-r1"
|
All Python 3.7 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.9-r1"
|
All Python 3.8 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.6-r1"
|
All Python 3.9 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.0-r1"
|
References
CVE-2020-26116
CVE-2021-3177 |
|
News & Announcements
