Skip to main content

Python update patches several major security flaws

coding
(Image credit: Shutterstock / Elle Aon)

The Python programming language has been forced to scurry to put out a new release of the popular programming language to address several security issues.

While the fix for the security flaws had already been pushed in the release candidate, the Python community urged the developers to bring them over to a stable release as soon as possible.

“Since the announcement of the release candidates for 3.9.2 on 3.8.8, we received a number of inquiries from end users urging us to expedite the final releases due to the security content, especially CVE-2021-3177,” note Python’s release team members in the release notes.

Toothless exploits

The vulnerability tracked as CVE-2021-3177 that spooked the community in particular is a remote code execution (RCE) flaw that could theoretically allow threat actors to execute arbitrary commands or code on a target machine. Moreover, it’s existed in all Python 3 releases through to Python 3.9.1.

However, the release team notes that practical exploits of the vulnerability were “very unlikely” since several conditions had to be met for a successful exploit. They go on to refer to Red Hat’s analysis of the vulnerability who note that “the highest threat from this vulnerability is to system availability.” 

Be that as it may, the issue has been fixed and the release team urges all Python users to switch to the latest release. Reports also note that long term support (LTS) releases such as Debian are backporting the security patches to ensure that earlier Python versions are inoculated as well.

Via: ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.