Sicherheit: Zwei Probleme in Python

Lesezeichen hinzufügen

--===============5717236750369154987==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-Bg//LUl8Y8l+7mKkimkq"

--=-Bg//LUl8Y8l+7mKkimkq
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1314-1
December 19, 2011

python3.1, python3.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Applications using certain Python 3 modules could be made to crash or
expose sensitive information over the network.

Software Description:
- python3.1: An interactive high-level object-oriented language (version 3.1)
- python3.2: An interactive high-level object-oriented language (version 3.2)

Details:

Giampaolo Rodola discovered that the smtpd module in Python 3 did not
properly handle certain error conditions. A remote attacker could exploit
this to cause a denial of service via daemon outage. This issue only
affected Ubuntu 10.04 LTS. (CVE-2010-3493)

Niels Heinen discovered that the urllib module in Python 3 would process
Location headers that specify a file:// URL. A remote attacker could use
this to obtain sensitive information or cause a denial of service via
resource consumption. (CVE-2011-1521)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
python3.1-minimal 3.1.3-1ubuntu1.1
python3.2-minimal 3.2-1ubuntu1.1

Ubuntu 10.10:
python3.1-minimal 3.1.2+20100915-0ubuntu4.1

Ubuntu 10.04 LTS:
python3.1-minimal 3.1.2-0ubuntu3.1

In general, a standard system update will make all the necessary changes.
Daemons using the urllib or smtpd modules may also need to be restarted
after a pplying this update.

References:
http://www.ubuntu.com/usn/usn-1314-1
CVE-2010-3493, CVE-2011-1521

Package Information:
https://launchpad.net/ubuntu/+source/python3.1/3.1.3-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python3.2/3.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python3.1/3.1.2+20100915-0ubuntu4.1
https://launchpad.net/ubuntu/+source/python3.1/3.1.2-0ubuntu3.1

--Ûg//LUl8Y8l+7mKkimkq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJO7/YVAAoJEFHb3FjMVZVzLx4P/3A3sIoEIKCXTBUp1gYaHDUF
2KoNuzm3PvsuJOQDsCp5uDCUSzb8Etk2FTUMV14avsATmaKZBCIhpItIisqwY8cn
laf3J6rX7LET87DIJaWE7Xa1Nu09lh+kDPG4se11tH91SFTT5xkw3tjpKA3qdt54
Q5GaOVhLvLbUsARuRKcMN6B6KhaJgKF9070/+kfUsMVrQNY2KUUK4D0YZXfEXNPD
X4EK0Xesytodj2D7WY9fkohOL6y+KSfYxesL/WNN3foN71A14eM9gNKlVPnDirKt
G9uGt96bNClPWPpTCRvirnOjIiHB6S3ZEJ/rxvL0Oau7V3RhRrz0GUqMdIisFZQ2
XAfytMmA8uVAs/On+JkF9FnzYb/6nKllQ+BZFMfRG611V6Vc4SIXyZ+vBvJaTJJH
VeFRllgSBT7trK0OZTKAmM53f4i6NzAMWgd4CSWrb2F9pMNdbeutD45Fj1yh4Rjc
2yOMp+cv7z7L8yXxcQ+PhgmDdhQ8Sd7oNvf2fag5queyNFeLdNn3v67Fhhshl6Iy
eovKYRGZcUVCEoim2iAHQiBc0tRIc5ybnu6jT1Hv6n37uJki2i0T/Dfh2X91oG9x
C60Cix/CKngLVPJ1pK5RYY8yZqvKATQDtvTuv+mlQ9cEj0YQ7jzujQ6MK2NdExMC
unWLKhPYC0PYf3cUUK7A
=z7AC
-----END PGP SIGNATURE-----

--=-Bg//LUl8Y8l+7mKkimkq--

--===============5717236750369154987==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5717236750369154987==--