Description
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects python-apt: 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: Low
Affected products
- Canonical / python-apt 1.1.0~beta1 – 1.1.0~beta1ubuntu0.16.04.10
- Canonical / python-apt 1.6.5ubuntu0 – 1.6.5ubuntu0.4
- Canonical / python-apt 2.0.0ubuntu0 – 2.0.0ubuntu0.20.04.2
- Canonical / python-apt 2.1.3ubuntu1 – 2.1.3ubuntu1.1
References
- MISC: https://bugs.launchpad.net/bugs/1899193
- VENDOR_ADVISORY: https://usn.ubuntu.com/usn/usn-4668-1
- VENDOR_ADVISORY: https://www.debian.org/security/2020/dsa-4809