-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJSSulVAAoJEGVp2FWnRL6TA1MQAJhLak6+KtdKItVVJQWNmh4t
fxdL4q/BhMWwXHKG+RBmHjgW42K0Dd9AF3xPlnvOeBb8KPJxjMtoSxkcFxq0bBGw
zXIyZUIcL0LocdNm37ncWktlekzFDCK8GJDEmn4JU6X1QjFmsd1MEbHWCMhi79+N
eUem3Z1T8tb4MvIwqmiZc9UdBo9pdVcr8mitEwKXNKBvkiDnGV6PkHGAYO9DB3w4
OIe9zX7eWvZ1m1x2rK4+PDR5JgyIH7dD+KalwSfxwvm9mf1rLEKNEi77buG0vZwW
+9AI3oipcRcbZ5vbXq8uvjM9CKo3H59YUDaqSzE7aPyle1EeprUrDIzJX9pIgPal
4FnGsXbOG4MbwmcTAoNil1n2mGPJXhbwo9/0xt5gbsCgEFVyi8ECktifQoiPT7pl
jnELP0rJP9DRWCDPL/8AsfZbjvCkrk7XPAU5NMpCQYXqqwIIf6gHgCi35PID3jsy
Klc8ch7u6VEkxaxfheQNt+DSGVwKi33YvA9Ij3OAb9fGoOj9D8hxg71e91aqBSaf
uI/MtiPII0X+7aBYQi0EinTWlPgOmS+Q045h5ZMPP/7w1Fd+HWGodw14vo4NHl+y
JGk7yUXhKaK5HypAcKHVTOHVUid9gzWjWd+2w148qyWPgsyEOg9QHYOQ0RCVlCRR
CUxTOVMj5IO3mJqzyTu1
=wQIP
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1983-1
October 01, 2013
python2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
Florian Weimer discovered that Python incorrectly handled matching multiple
wildcards in ssl certificate hostnames. An attacker could exploit this to
cause Python to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 13.04. (CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2013-4238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
python2.7 2.7.4-2ubuntu3.2
python2.7-minimal 2.7.4-2ubuntu3.2
Ubuntu 12.10:
python2.7 2.7.3-5ubuntu4.3
python2.7-minimal 2.7.3-5ubuntu4.3
Ubuntu 12.04 LTS:
python2.7 2.7.3-0ubuntu3.4
python2.7-minimal 2.7.3-0ubuntu3.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1983-1
CVE-2013-2099, CVE-2013-4238
Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.4-2ubuntu3.2
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-5ubuntu4.3
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.4
No comments:
Post a Comment