==========================================================================
Ubuntu Security Notice USN-4668-2
December 10, 2020

python-apt regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10

Summary:

USN-4668-1 introduced a regression in python-apt.

Software Description:
– python-apt: Python interface to libapt-pkg

Details:

USN-4668-1 fixed vulnerabilities in python-apt. That update caused a
regression by removing information describing the Ubuntu 20.10 release from
the Ubuntu templates. This update fixes the problem by restoring this
information.

We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered that python-apt incorrectly handled
resources. A
local attacker could possibly use this issue to cause python-apt to
consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
python3-apt 2.1.3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4668-2
https://usn.ubuntu.com/4668-1
https://launchpad.net/bugs/1907496

Package Information:
https://launchpad.net/ubuntu/+source/python-apt/2.1.3ubuntu1.2
—–BEGIN PGP SIGNATURE—–

iQFOBAEBCgA4FiEEiOlTC8vdwgBRe16w9JjS2d59rZwFAl/Rhv4aHGFsZXgubXVy
cmF5QGNhbm9uaWNhbC5jb20ACgkQ9JjS2d59rZxrZwf+LCXHwHww1GMouqh/9v89
3dazq6sOJ/ZWPd8rKZ53prqKWzQZk2Nd6M4P6EJMLwi9yPhj/XwGg11EZ14E1Rgm
ioZ9oOtHUodkypUzqcTtysXGIDshFo+KEIdZoJ7LhNq/3/YkRanX6TIKXJ6TOIUZ
7ERr06XJ8631xdEThQd7M4oKeO+0HerKF51eDcNIy9aOZ1p3+JRELOTxmBT3qiGE
np9YeZF1vjMj5Eb0sBorR+JApNl/6EFFK8sBd4Tj7dhPVe+/myhTakMUbrB9PLSy
oZPyB1PmwlplEdFy1MVCA6SXk0vYwyphNT9YfiHja2KnY7zDuAAJZ/T54c+CZaZ6
dQ==
=3R1e
—–END PGP SIGNATURE——-
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4668-1
December 09, 2020

python-apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

python-apt could be made to crash if it opened a specially crafted file.

Software Description:
– python-apt: Python interface to libapt-pkg

Details:

Kevin Backhouse discovered that python-apt incorrectly handled resources. A
local attacker could possibly use this issue to cause python-apt to consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
python3-apt 2.1.3ubuntu1.1

Ubuntu 20.04 LTS:
python-apt 2.0.0ubuntu0.20.04.2
python3-apt 2.0.0ubuntu0.20.04.2

Ubuntu 18.04 LTS:
python-apt 1.6.5ubuntu0.4
python3-apt 1.6.5ubuntu0.4

Ubuntu 16.04 LTS:
python-apt 1.1.0~beta1ubuntu0.16.04.10
python3-apt 1.1.0~beta1ubuntu0.16.04.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4668-1
CVE-2020-27351

Package Information:
https://launchpad.net/ubuntu/+source/python-apt/2.1.3ubuntu1.1
https://launchpad.net/ubuntu/+source/python-apt/2.0.0ubuntu0.20.04.2
https://launchpad.net/ubuntu/+source/python-apt/1.6.5ubuntu0.4
https://launchpad.net/ubuntu/+source/python-apt/1.1.0~beta1ubuntu0.16.04.10

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/REBIACgkQZWnYVadE
vpOY6A//TMTtadDDbOg5XUPx37nMdE6xNhFtPONFeOJdhgzM1kwO9Oa8B/Kmi4LH
QFs5VzwXLHMaM5CGBYi7yIXNs1/cDK0mRYfhfKRK29hWPLig0i3mMYfhkWb/QvDB
jfcsTzIlp7Ipu9J+tsOREiVn9YbDkmFQlGB2/xscE9YFBoaOjckp+V94bJIXs6mi
+IxuCpOsqRDxGhQW0RRWyTbpWCi4u4bYcDNMZFVZrfg2GdHA+pL4q6hbfnOFVVf0
CNIuKufqGVrks6BYliNreoh6fGnHXJc7SQUqk3Kaar7wEevyKDaBxFIBB69Dh/RL
A3KPHVOFU7dqvvAIptHdAaf+S4Mh6xFyfoPIueasQafFlki1W0gC3bMXt8l5Y6Y2
O54maGvFVvKXUIfWTYymO7u+C30dezpGlrwb1tXUnfJAZNCPnsby0pLt9n7M6tzx
VViGNdoz3qKnL2CZGDMMUt1VDZfkrrujsPmNzD54upyQpYhjqVnawHBROMDDfvnW
HDJEKz4l0d5+u8TtnaL3aMvT7v6XavmaBHuGKf8uxPyw/6YUdjRMXri/QIl7bwP9
g90JFRt0/nWtTMsfpNtOefuN27gzIejI6FCeRsrvvAPYKEFqsQXPaVcb8hfyzx7z
rGGx7dlACU6Ks5SDEAjpFoE8LDAPVH7CTPEWISeZtvZPJkX1mnM=
=omOY
—–END PGP SIGNATURE—–
—