Python update to tackle remote code vulnerability

The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that’s tracked as CVE-2021-3177.

The project expedited the release after receiving unexpected pressure from some users who were concerned over the security flaw.

Python 3.x through to 3.9.1 has a buffer overflow in PyCArg_repr in ctypes/callproc.c, which may lead to remote code execution.

Continue reading “Python update to tackle remote code vulnerability”