Ubuntu
python3.8 package

python3.8 subinterpereters cause use-after-free in asyncio

Bug #1887847 reported by Paul Hollinsky
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python3.8 (Ubuntu)
Fix Released
Medium
Unassigned
Focal
Fix Released
Medium
Unassigned

Bug Description

Python 3.8.0 to 3.8.2 include a bug which breaks subinterpereters nearly in their entirety.

If a subinterpereter initializes asyncio (a library used by many other libraries), then exits, and another subinterpereter initializes asyncio, there will be a use-after-free and segmentation fault.

See: https://bugs.python.org/issue40294

A main.c small test program is attached to that bug which replicates the issue.

The bug has been fixed as of 3.8.3 and 3.9.0. I attached a patch which backports the one-line fix to a 3.8.2-1ubuntu1.2 version for focal.

I am writing a piece of software that I fear will be unusable on focal without this backport, since the default python3 is python 3.8.2-1ubuntu1.1 at the time of writing. Since it does not contain the fix, my application crashes.

Revision history for this message
Paul Hollinsky (paulywog) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "1-3.8.2-1ubuntu1.2.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Mathew Hodson (mhodson)
Changed in python3.8 (Ubuntu):
importance: Undecided → Medium
Mathew Hodson (mhodson)
tags: added: focal
removed: after asyncio bpo40294 free gh-19542 gh-19565 use use-after-free
Changed in python3.8 (Ubuntu):
status: New → Fix Released
Changed in python3.8 (Ubuntu Focal):
importance: Undecided → Medium
tags: added: bitesize
Revision history for this message
Mathew Hodson (mhodson) wrote :

This bug was fixed in the package python3.8 - 3.8.5-1~20.04

---------------
python3.8 (3.8.5-1~20.04) focal-proposed; urgency=medium

  * SRU: LP: #1889218. Backport Python 3.8.5 to 20.04 LTS.

python3.8 (3.8.5-1) unstable; urgency=medium

  * Python 3.8.5 release.
    - Fix issue 41295, regression on __setattr__ in multiinheritance with
       metaclasses. Closes: #965069.

python3.8 (3.8.4-1) unstable; urgency=medium

  * Python 3.8.4 release.
  * Update VCS attributes in the control file.

python3.8 (3.8.4~rc1-1) unstable; urgency=medium

  * Python 3.8.4 release candidate 1.

python3.8 (3.8.3-1) unstable; urgency=medium

  * Python 3.8.3 release.
  * Add XB-Cnf-Visible-Pkgname header on the python*-minimal package to
    point command-not-found at the full one. LP: #1867157

python3.8 (3.8.3~rc1-1) unstable; urgency=medium

  * Python 3.8.3 release candidate 1.
    - Issue #38576, CVE-2019-18348: Disallow control characters in hostnames
      in http.client.
    - Issue #39503, CVE-2020-8492: Denial of service in
      urllib.request.AbstractBasicAuthHandler.

 -- Matthias Klose <email address hidden> Tue, 28 Jul 2020 14:59:40 +0200

Changed in python3.8 (Ubuntu Focal):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.