{"id":"USN-4668-3","summary":"python-apt regression","details":"USN-4668-1 fixed vulnerabilities in python-apt. The update caused a\nregression when using certain APIs with a file handle. This update fixes\nthe problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Kevin Backhouse discovered that python-apt incorrectly handled resources. A\n local attacker could possibly use this issue to cause python-apt to consume\n resources, leading to a denial of service.\n","modified":"2026-04-22T10:10:15.912218Z","published":"2021-01-04T13:52:32Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4668-3"},{"type":"REPORT","url":"https://launchpad.net/bugs/1907676"}],"affected":[{"package":{"name":"python-apt","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/python-apt@1.1.0~beta1ubuntu0.16.04.11?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0~beta1ubuntu0.16.04.11"}]}],"versions":["1.0.1build1","1.0.1ubuntu2","1.1.0~beta1","1.1.0~beta1build1","1.1.0~beta1ubuntu0.16.04.1","1.1.0~beta1ubuntu0.16.04.2","1.1.0~beta1ubuntu0.16.04.4","1.1.0~beta1ubuntu0.16.04.5","1.1.0~beta1ubuntu0.16.04.7","1.1.0~beta1ubuntu0.16.04.8","1.1.0~beta1ubuntu0.16.04.9","1.1.0~beta1ubuntu0.16.04.10"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.0~beta1ubuntu0.16.04.11","binary_name":"python-apt"},{"binary_version":"1.1.0~beta1ubuntu0.16.04.11","binary_name":"python-apt-common"},{"binary_version":"1.1.0~beta1ubuntu0.16.04.11","binary_name":"python3-apt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]}}},{"package":{"name":"python-apt","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/python-apt@1.6.5ubuntu0.5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.5ubuntu0.5"}]}],"versions":["1.4.0~beta3build2","1.4.0~beta3ubuntu1","1.6.0~rc2ubuntu1","1.6.0~rc2ubuntu2","1.6.0","1.6.1","1.6.2","1.6.3","1.6.3ubuntu1","1.6.4","1.6.5ubuntu0.1","1.6.5ubuntu0.2","1.6.5ubuntu0.3","1.6.5ubuntu0.4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.6.5ubuntu0.5","binary_name":"python-apt"},{"binary_version":"1.6.5ubuntu0.5","binary_name":"python-apt-common"},{"binary_version":"1.6.5ubuntu0.5","binary_name":"python3-apt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[]}}},{"package":{"name":"python-apt","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python-apt@2.0.0ubuntu0.20.04.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0ubuntu0.20.04.3"}]}],"versions":["1.9.0ubuntu1","1.9.0ubuntu3","1.9.0ubuntu5","1.9.3ubuntu2","1.9.5","1.9.5build1","1.9.7","1.9.8","1.9.10","2.0.0","2.0.0ubuntu0.20.04.1","2.0.0ubuntu0.20.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.0ubuntu0.20.04.3","binary_name":"python-apt"},{"binary_version":"2.0.0ubuntu0.20.04.3","binary_name":"python-apt-common"},{"binary_version":"2.0.0ubuntu0.20.04.3","binary_name":"python3-apt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4668-3.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}