USN-4668-3

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4668-3

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4668-3

Published

2021-01-04T13:52:32Z

Modified

2026-04-22T10:10:15.912218Z

Summary

python-apt regression

Details

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

References

Affected packages

Ubuntu:16.04:LTS / python-apt

Package

Name: python-apt
Purl: pkg:deb/ubuntu/python-apt@1.1.0~beta1ubuntu0.16.04.11?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.0~beta1ubuntu0.16.04.11

Affected versions

1.*

1.0.1build1

1.0.1ubuntu2

1.1.0~beta1

1.1.0~beta1build1

1.1.0~beta1ubuntu0.16.04.1

1.1.0~beta1ubuntu0.16.04.2

1.1.0~beta1ubuntu0.16.04.4

1.1.0~beta1ubuntu0.16.04.5

1.1.0~beta1ubuntu0.16.04.7

1.1.0~beta1ubuntu0.16.04.8

1.1.0~beta1ubuntu0.16.04.9

1.1.0~beta1ubuntu0.16.04.10

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.1.0~beta1ubuntu0.16.04.11",
            "binary_name": "python-apt"
        },
        {
            "binary_version": "1.1.0~beta1ubuntu0.16.04.11",
            "binary_name": "python-apt-common"
        },
        {
            "binary_version": "1.1.0~beta1ubuntu0.16.04.11",
            "binary_name": "python3-apt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json"

cves_map

{
    "ecosystem": "Ubuntu:16.04:LTS",
    "cves": []
}

Ubuntu:18.04:LTS / python-apt

Package

Name: python-apt
Purl: pkg:deb/ubuntu/python-apt@1.6.5ubuntu0.5?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.5ubuntu0.5

Affected versions

1.*

1.4.0~beta3build2

1.4.0~beta3ubuntu1

1.6.0~rc2ubuntu1

1.6.0~rc2ubuntu2

1.6.0

1.6.1

1.6.2

1.6.3

1.6.3ubuntu1

1.6.4

1.6.5ubuntu0.1

1.6.5ubuntu0.2

1.6.5ubuntu0.3

1.6.5ubuntu0.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.6.5ubuntu0.5",
            "binary_name": "python-apt"
        },
        {
            "binary_version": "1.6.5ubuntu0.5",
            "binary_name": "python-apt-common"
        },
        {
            "binary_version": "1.6.5ubuntu0.5",
            "binary_name": "python3-apt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json"

cves_map

{
    "ecosystem": "Ubuntu:18.04:LTS",
    "cves": []
}

Ubuntu:20.04:LTS / python-apt

Package

Name: python-apt
Purl: pkg:deb/ubuntu/python-apt@2.0.0ubuntu0.20.04.3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0ubuntu0.20.04.3

Affected versions

1.*

1.9.0ubuntu1

1.9.0ubuntu3

1.9.0ubuntu5

1.9.3ubuntu2

1.9.5

1.9.5build1

1.9.7

1.9.8

1.9.10

2.*

2.0.0

2.0.0ubuntu0.20.04.1

2.0.0ubuntu0.20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.0.0ubuntu0.20.04.3",
            "binary_name": "python-apt"
        },
        {
            "binary_version": "2.0.0ubuntu0.20.04.3",
            "binary_name": "python-apt-common"
        },
        {
            "binary_version": "2.0.0ubuntu0.20.04.3",
            "binary_name": "python3-apt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json"

cves_map

{
    "ecosystem": "Ubuntu:20.04:LTS",
    "cves": []
}