Packages
- python-py - Advanced Python development support library
Details
The py.path.svnwc component of py (aka python-py) through v1.9.0 contains
a regular expression with an ambiguous subpattern that is susceptible to
catastrophic backtracing. This could be used by attackers to cause a compute-time
denial of service attack by supplying malicious input to the blame functionality.
The py.path.svnwc component of py (aka python-py) through v1.9.0 contains
a regular expression with an ambiguous subpattern that is susceptible to
catastrophic backtracing. This could be used by attackers to cause a compute-time
denial of service attack by supplying malicious input to the blame functionality.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
20.04 focal | pypy-py – 1.8.1-1ubuntu0.1 | ||
python3-py – 1.8.1-1ubuntu0.1 | |||
python-py – 1.8.1-1ubuntu0.1 | |||
18.04 bionic | pypy-py – 1.5.2-1ubuntu0.1 | ||
python3-py – 1.5.2-1ubuntu0.1 | |||
python-py – 1.5.2-1ubuntu0.1 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.