drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Python (Aktualisierung)
Name: |
Zwei Probleme in Python (Aktualisierung) |
|
ID: |
USN-4754-4 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS |
|
Datum: |
Do, 4. März 2021, 00:13 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 |
|
Applikationen: |
Python |
|
Update von: |
Zwei Probleme in Python |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8147662618010239940== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0KNaCmSlDZZGUnXJQzwX19w1qvTWUx0Ck"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0KNaCmSlDZZGUnXJQzwX19w1qvTWUx0Ck Content-Type: multipart/mixed; boundary="o28NoGwD4GQZmA52q6m8x9Ce0C1kxegrw"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <26243ed0-86c5-ac10-8098-4abd8ee8f798@canonical.com> Subject: [USN-4754-4] Python 2.7 vulnerability
--o28NoGwD4GQZmA52q6m8x9Ce0C1kxegrw Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4754-4 March 03, 2021
python2.7 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Python could be made to execute arbitrary code or denial of service if it received a specially crafted input.
Software Description: - python2.7: An interactive high-level object-oriented language
Details:
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: python2.7 2.7.17-1~18.04ubuntu1.6 python2.7-minimal 2.7.17-1~18.04ubuntu1.6
Ubuntu 16.04 LTS: python2.7 2.7.12-1ubuntu0~16.04.18 python2.7-minimal 2.7.12-1ubuntu0~16.04.18
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4754-4 https://usn.ubuntu.com/4754-1 CVE-2021-3177
Package Information: https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.6 https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.18
--o28NoGwD4GQZmA52q6m8x9Ce0C1kxegrw--
--0KNaCmSlDZZGUnXJQzwX19w1qvTWUx0Ck Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmA/heIACgkQZWnYVadE vpOtexAAr7pQ7INoZUoDs1FVa0QRgl7JnLDpDP1lXAp5cvfvA61wkr2eRBasYEA/ wZagktSQdXd/jJzHTeSxLu7zFs3o+JTfb8VlzXsnpadZ3BGKsAnHqYnp8J4+ZAbn iNjpEhxRt9oPrhEmrfk/+GWxn4g9Es5Hd/GnTDnVOduXktElb/nnAUP5lOmQJse6 uIjawFcOr4T712noMG/Fuuu0tiZXB6KJLkgTZcOz2cZ4ie3TGTow8RyMO8h/NrRL 0vQJ8UA4EM7pQLWUUCGYDZ0U11hBnE9yWFYMxz2sNs/MCERXvMKfKDWScVJ8+W1p NTNNGt5o04fuxUwAiUqcPWeyjXjDoYqGny69TpPXTtK3J3TUdPdVDnQ/zYDYC6ZQ ahjJPdbBg2pb1yDUZ5CoHhbErIbkDnfarCyS3Yzc4C1fNtjLjgdJcrhq9BU0Z1jY caht6bbq2/Lwcqjrxao4jFLoBi7J6FY7Ub3eJB37CFkr5e6APN3qKSqQFX0XUYTb IulF2Yq6bRED+3+6I2+eIk68UocyFDIPZZ4lg4/3boCXHG/h6kUUW6lws3b+p5X0 BDt10WHsI5l3CJ24Ur5PwK1Ry0evbn2HM2Q4lRKooacmtbcd9Pdfg5De6EFw8cJq 58Zp9Bhwajw/Z5vA4Apf0UExIVVnbr8FVPMkqU9i93OW6bEdRa0= =VlkY -----END PGP SIGNATURE-----
--0KNaCmSlDZZGUnXJQzwX19w1qvTWUx0Ck--
--===============8147662618010239940== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============8147662618010239940==--
|
|
|
|