Security: Two problems in Python
Name: Two problems in Python
ID: USN-5199-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS
Date: Fri, 17 December 2021, 23:56
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
Applications: Python

Original message
From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <1bd1e82f-3c3d-fb20-e721-09481eb254ca@canonical.com>
Subject: [USN-5199-1] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5199-1
December 17, 2021

python3.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash if it receives specially crafted input from a malicious server.
Software Description:
- python3.6: An interactive high-level object-oriented language
Details:
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)
It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  libpython3.6-stdlib 3.6.9-1~18.04ubuntu1.6
  python3.6 3.6.9-1~18.04ubuntu1.6
  python3.6-minimal 3.6.9-1~18.04ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-5199-1
  CVE-2021-3733, CVE-2021-3737

Package Information:
  https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6