
Security: Cross-Site Scripting in Python
Name: Cross-Site Scripting in Python
ID: USN-1026-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS
Date: Wed, 8 December 2010, 11:31
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2477
Applications: Python

Original message

===========================================================
Ubuntu Security Notice USN-1026-1 December 07, 2010
paste vulnerability
CVE-2010-2477
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
python-paste 1.7.2-4ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Python Paste did not properly sanitize certain
strings, resulting in cross-site scripting (XSS) vulnerabilities. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data, within
the same domain.


Updated packages for Ubuntu 10.04 LTS:

Source archives:

paste_1.7.2-4ubuntu1.2.diff.gz
Size/MD5: 8082 9e724e29311afd6ce7933ac42da6f11f
paste_1.7.2-4ubuntu1.2.dsc
Size/MD5: 2103 d4acd77a7f7d4461c11bc096b9434299
http://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2.orig.tar.gz
Size/MD5: 373556 a6a58d08dc4bff91d5d1c519d2277f8a

Architecture independent packages:

python-paste_1.7.2-4ubuntu1.2_all.deb
Size/MD5: 400764 73601619b0d8077ede5ae8d64c67f50c



