drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in Python
Name: |
Cross-Site Scripting in Python |
|
ID: |
USN-1026-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Mi, 8. Dezember 2010, 11:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2477 |
|
Applikationen: |
Python |
|
Originalnachricht |
--===============4462449910075586678== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-psrmDTZwX7AK/uB8GfJ4"
--=-psrmDTZwX7AK/uB8GfJ4 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
=========================================================== Ubuntu Security Notice USN-1026-1 December 07, 2010 paste vulnerability CVE-2010-2477 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 10.04 LTS: python-paste 1.7.2-4ubuntu1.2
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Python Paste did not properly sanitize certain strings, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Updated packages for Ubuntu 10.04 LTS:
Source archives:
paste_1.7.2-4ubuntu1.2.diff.gz Size/MD5: 8082 9e724e29311afd6ce7933ac42da6f11f paste_1.7.2-4ubuntu1.2.dsc Size/MD5: 2103 d4acd77a7f7d4461c11bc096b9434299 http://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2.orig.tar.gz Size/MD5: 373556 a6a58d08dc4bff91d5d1c519d2277f8a
Architecture independent packages:
python-paste_1.7.2-4ubuntu1.2_all.deb Size/MD5: 400764 73601619b0d8077ede5ae8d64c67f50c
--
|
|
|
|