Missing Release of Resource after Effective Lifetime Affecting python-apt package, versions <1.8.4.2
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-PYTHONAPT-1050019
- published 10 Dec 2020
- disclosed 10 Dec 2020
Introduced: 10 Dec 2020
CVE-2020-27351 Open this link in a new tabHow to fix?
Upgrade Debian:10 python-apt to version 1.8.4.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream python-apt package and not the python-apt package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0beta1 versions prior to 1.1.0beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;