USN-6991-1: AIOHTTP vulnerability
USN-6991-1: AIOHTTP vulnerability
5 September 2024
python-aiohttp would allow unintended access to files over the network.
Releases
Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM
Packages
python-aiohttp - http client/server for asyncio
Details
It was discovered that AIOHTTP did not properly restrict file access when
the ‘follow_symlinks’ option was set to True. A remote attacker could
possibly use this issue to access unauthorized files on the system.
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
Learn more about Ubuntu Pro
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
python-aiohttp-doc - 3.9.1-1ubuntu0.1