Sicherheit: Mangelnde Prüfung von Zertifikaten in httplib2

Lesezeichen hinzufügen

--===============6190209299940351550==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-S0xwugtyqroIwNBqTsiN"

--=-S0xwugtyqroIwNBqTsiN
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1375-1
February 27, 2012

python-httplib2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

httplib2 could be made to expose sensitive information over the network.

Software Description:
- python-httplib2: comprehensive HTTP client library written for Python

Details:

The httplib2 Python library earlier than version 0.7.0 did not perform any
server certificate validation when using HTTPS connections. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
be exploited to alter or compromise confidential information in
applications that used the httplib2 library.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python-httplib2 0.7.2-1ubuntu2~0.11.10.1
python3-httplib2 0.7.2-1ubuntu2~0.11.10.1

Ubuntu 11.04:
python-httplib2 0.7.2-1ubuntu2~0.11.04.1
python3-httplib2 0.7.2-1ubuntu2~0.11.04.1

Ubuntu 10.10:
python-httplib2 0.7.2-1ubuntu2~0.10.10.1
python3-httplib2 0.7.2-1ubuntu2~0.10.10.1

Ubuntu 10.04 LTS:
python-httplib2 0.7.2-1ubuntu2~0.10.04.1

In general, a standard system update will make all the necessary changes.

This update uses a new upstream release, which includes additional bug
fixes.

References:
http://www.ubuntu.com/usn/usn-1375-1
https://launchpad.net/bugs/882030

Package Information:
https://launchpad.net/ubuntu/+source/python-httplib2/0.7.2-1ubuntu2~0.11.10.1
https://launchpad.net/ubuntu/+source/python-httplib2/0.7.2-1ubuntu2~0.11.04.1
https://launchpad.net/ubuntu/+source/python-httplib2/0.7.2-1ubuntu2~0.10.10.1
https://launchpad.net/ubuntu/+source/python-httplib2/0.7.2-1ubuntu2~0.10.04.1

--Ü0xwugtyqroIwNBqTsiN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPS4WEAAoJEGVp2FWnRL6TY9IQAILqk3BfpF4SjRaopGOODrl8
FmM3BdsJgtAxizqs5OASx5lPujmcX+j8iZNez4vSfLuwDDyo6mFap9tYZoHmObrj
S8PgjarWs16FtB84GffjItC1dVGyeJmf1W8Pm1HMhdDGWuJs0GeeQNVZPsPqPOfg
YblzAtRGYNe25QAU+y4bt8oAgP6emkG3P4tULwNp1+Rs/uXg8VmzwQLheA2MpvgO
PaOC3R8DdiwKFwxAWZ3lXAdd4LTTF+oFElCfOzRG8GKtl9c/5H29CGoGJVlA6dcc
0E6AL77Qt/jlVuTSK8b7NBZTWbiIMZpV+J4HqD/ll2Jcith7XvuL6OYHGg1axIb8
twNK4A6Nlxs+GGygOXRxgQiXpvsRyv32Y7Oj88JLCPXa7DP+6aWmhtnJcnjnB+Pr
aBI2J3FcUBtgm5wvX9h0o6K9tX0PG8q70wErkbTKul3iWFdWLI1mCMsBIZuGDMB6
hfTqkL93P4spdHIytOrOiVq/3aQzEsdy2E+ELap0I9qias2amDn7EzYNJz2M+o4p
lIQT3xWQr5bSbJdyuz1JIJVp2/ND/+VeHDBws6Wn7tvKcUkpwvw+zUnUxVFRlRDs
Iq3NuEt97Kdy90STAPAiEYcdHqpZnyy+gs4losnOc7KXO4XrI+eJOn9udcCk/3V7
5/uSWTul6Y9tE8rxpwwL
=ILBc
-----END PGP SIGNATURE-----

--=-S0xwugtyqroIwNBqTsiN--

--===============6190209299940351550==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6190209299940351550==--