ELA-853-1 python2.7 security update

multiple vulnerabilities

2023-05-25
Package: python2.7
Version: 2.7.9-2-ds1-1+deb8u10 (jessie), 2.7.13-2+deb9u7 (stretch)
Related CVEs: CVE-2015-20107, CVE-2020-8492, CVE-2020-26116, CVE-2021-3733, CVE-2021-3737, CVE-2022-45061


Multiple security issues were discovered in Python, an interactive high-level object-oriented language. An attacker may cause command injection, denial of service (DoS) and request smuggling.

This update also brings improved fixes for CVE-2019-10160 (ELA-134-1, DLA-2280-1) and CVE-2021-3177 (ELA-598-1, DLA-2919-1), and drops the patch for CVE-2019-9740/CVE-2019-9947 (DLA-1834-1, DLA-2337-1), whose issue was introduced later in the 2.7.x series.



For Debian 8 jessie, these problems have been fixed in version 2.7.9-2-ds1-1+deb8u10.

For Debian 9 stretch, these problems have been fixed in version 2.7.13-2+deb9u7.

We recommend that you upgrade your python2.7 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.