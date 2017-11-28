

==========================================================================

Ubuntu Security Notice USN-3496-3

November 28, 2017



python3.4, python3.5 vulnerability

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



Python could be made to run arbitrary code.



Software Description:

- python3.5: An interactive high-level object-oriented language

- python3.4: An interactive high-level object-oriented language



Details:



USN-3496-1 fixed a vulnerability in Python2.7. This update provides

the corresponding update for versions 3.4 and 3.5.



Original advisory details:



It was discovered that Python incorrectly handled decoding certain

strings. An attacker could possibly use this issue to execute

arbitrary code.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 17.04:

python3.5 3.5.3-1ubuntu0~17.04.2

python3.5-minimal 3.5.3-1ubuntu0~17.04.2



Ubuntu 16.04 LTS:

python3.5 3.5.2-2ubuntu0~16.04.4

python3.5-minimal 3.5.2-2ubuntu0~16.04.4



Ubuntu 14.04 LTS:

python3.4 3.4.3-1ubuntu1~14.04.6

python3.4-minimal 3.4.3-1ubuntu1~14.04.6



In general, a standard system update will make all the necessary

changes.



References:

https://www.ubuntu.com/usn/usn-3496-3

https://www.ubuntu.com/usn/usn-3496-1

CVE-2017-1000158



Package Information:

https://launchpad.net/ubuntu/+source/python3.5/3.5.3-1ubuntu0~17.04.2

https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.4

https://launchpad.net/ubuntu/+source/python3.4/3.4.3-1ubuntu1~14.04.6



