Python update patches several major security flaws

Despite their nature, the vulnerabilities didn’t pose a serious threat

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

ThePython programming languagehas been forced to scurry to put out a new release of the popular programming language to address several security issues.

While the fix for the security flaws had already been pushed in the release candidate, thePythoncommunity urged the developers to bring them over to a stable release as soon as possible.

“Since the announcement of the release candidates for 3.9.2 on 3.8.8, we received a number of inquiries from end users urging us to expedite the final releases due to the security content, especially CVE-2021-3177,” note Python’s release team members in the release notes.

Toothless exploits

Toothless exploits

The vulnerability tracked as CVE-2021-3177 that spooked the community in particular is a remote code execution (RCE) flaw that could theoretically allow threat actors to execute arbitrary commands or code on a target machine. Moreover, it’s existed in allPython 3releases through to Python 3.9.1.

However, the release team notes that practical exploits of the vulnerability were “very unlikely” since several conditions had to be met for a successful exploit. They go on to refer to Red Hat’s analysis of the vulnerability who note that “the highest threat from this vulnerability is to system availability.”

Be that as it may, the issue has been fixed and the release team urges all Python users to switch to the latest release. Reports also note that long term support (LTS) releases such asDebianare backporting the security patches to ensure that earlier Python versions are inoculated as well.

Via:ZDNet

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Do-it-yourself repair kits for the iPhone 16 series are now available from Apple