python2.7, python3.4, python3.5, python3.6 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
* Ubuntu 14.04 ESM
* Ubuntu 12.04 ESM

Summary

Python could be used to perform a CRLF injection if it received a
specially crafted request.

Software Description

* python2.7 - An interactive high-level object-oriented language
* python3.6 - An interactive high-level object-oriented language
* python3.5 - An interactive high-level object-oriented language
* python3.4 - An interactive high-level object-oriented language

Details

It was discovered that Python incorrectly handled certain
character sequences. A remote attacker could possibly use this
issue to perform CRLF injection.

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 18.04 LTS
python2.7 - 2.7.17-1~18.04ubuntu1.2
python2.7-minimal - 2.7.17-1~18.04ubuntu1.2
python3.6 - 3.6.9-1~18.04ubuntu1.3
python3.6-minimal - 3.6.9-1~18.04ubuntu1.3

Ubuntu 16.04 LTS
python2.7 - 2.7.12-1ubuntu0~16.04.13
python2.7-minimal - 2.7.12-1ubuntu0~16.04.13
python3.5 - 3.5.2-2ubuntu0~16.04.12
python3.5-minimal - 3.5.2-2ubuntu0~16.04.12

Ubuntu 14.04 ESM
python2.7 - 2.7.6-8ubuntu0.6+esm7
python2.7-minimal - 2.7.6-8ubuntu0.6+esm7
python3.4 - 3.4.3-1ubuntu1~14.04.7+esm8
python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm8

Ubuntu 12.04 ESM
python2.7 - 2.7.3-0ubuntu3.19
python2.7-minimal - 2.7.3-0ubuntu3.19

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.

References

* CVE-2020-26116

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)