-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmcNTbwFAwAAAAAACgkQa1+PL+d1/Ehm
7wv7BNfVv0cHRWvJJ3Qj6vMgARr5cotFTv3rNxeUb+k4ZIEtGzPYJLK+nfjoDMUWIGEbYVulHLQI
wYETy1acAkEKArjZ41LzU9QAlQUnfJ3egLVbnYO1ctQ3rDyKFXcj6PN998zJBxE6jZVe3FiptI1/
HLEznmtmXrjLcWFrOX6Fgw/890ukfo18FFR/oMfF69BmlO2OdXX1e228lu4Wam+RCJ3Mcq1mZvg8
v6QxUT+YOI2UoUk1yf0tzhojuRbLxRKsLwnms4A7BqDJ3tXdMwgkC1vPuk3waUek0ifwXSKFxloD
VYOaP2L7Ep4pIABvc7HYw6Jg8JxC+dTT9PCQpjF0D7ihTispVYVY3+FGraOraSxjCTNk1UoDFPBY
uyU2CgUJecSDsUzvg/MKT9l8sw91kxSEB+knVeq665eTN1X8UpiLe9F0JJxI0mOfBHcGmkNRSNVC
0j5x1S3KAePepURwQHflwVX2SSA9E7HhniOnM4ZwMmWiOe0/Rkamd8MIrty8
=GrFj
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7040-2
October 14, 2024
configobj vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
ConfigObj could be made to crash if it received specially crafted input.
Software Description:
- configobj: simple but powerful config file reader and writer for Python
Details:
USN-7040-1 fixed a vulnerability in ConfigObj. This update
provides the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
python-configobj 4.7.2+ds-5ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7040-2
https://ubuntu.com/security/notices/USN-7040-1
CVE-2023-26112
No comments:
Post a Comment