Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-5342-1 (CVE-2021-4189): Python vulnerabilities

Back to Search

Ubuntu: USN-5342-1 (CVE-2021-4189): Python vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/16/2022
Created
03/31/2022
Added
03/29/2022
Modified
05/24/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-5342-1:

David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)

It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189)

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391)

Solution(s)

  • ubuntu-upgrade-python2-7
  • ubuntu-upgrade-python2-7-minimal
  • ubuntu-upgrade-python3-4
  • ubuntu-upgrade-python3-4-minimal
  • ubuntu-upgrade-python3-5
  • ubuntu-upgrade-python3-5-minimal
  • ubuntu-upgrade-python3-6
  • ubuntu-upgrade-python3-6-minimal
  • ubuntu-upgrade-python3-8
  • ubuntu-upgrade-python3-8-minimal

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;