drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Python
Name: |
Zwei Probleme in Python |
|
ID: |
USN-1983-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Mi, 2. Oktober 2013, 07:53 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238 |
|
Applikationen: |
Python |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============9163822813244580847== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1983-1 October 01, 2013
python2.7 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description: - python2.7: An interactive high-level object-oriented language
Details:
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: python2.7 2.7.4-2ubuntu3.2 python2.7-minimal 2.7.4-2ubuntu3.2
Ubuntu 12.10: python2.7 2.7.3-5ubuntu4.3 python2.7-minimal 2.7.3-5ubuntu4.3
Ubuntu 12.04 LTS: python2.7 2.7.3-0ubuntu3.4 python2.7-minimal 2.7.3-0ubuntu3.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1983-1 CVE-2013-2099, CVE-2013-4238
Package Information: https://launchpad.net/ubuntu/+source/python2.7/2.7.4-2ubuntu3.2 https://launchpad.net/ubuntu/+source/python2.7/2.7.3-5ubuntu4.3 https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.4
--cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJSSulVAAoJEGVp2FWnRL6TA1MQAJhLak6+KtdKItVVJQWNmh4t fxdL4q/BhMWwXHKG+RBmHjgW42K0Dd9AF3xPlnvOeBb8KPJxjMtoSxkcFxq0bBGw zXIyZUIcL0LocdNm37ncWktlekzFDCK8GJDEmn4JU6X1QjFmsd1MEbHWCMhi79+N eUem3Z1T8tb4MvIwqmiZc9UdBo9pdVcr8mitEwKXNKBvkiDnGV6PkHGAYO9DB3w4 OIe9zX7eWvZ1m1x2rK4+PDR5JgyIH7dD+KalwSfxwvm9mf1rLEKNEi77buG0vZwW +9AI3oipcRcbZ5vbXq8uvjM9CKo3H59YUDaqSzE7aPyle1EeprUrDIzJX9pIgPal 4FnGsXbOG4MbwmcTAoNil1n2mGPJXhbwo9/0xt5gbsCgEFVyi8ECktifQoiPT7pl jnELP0rJP9DRWCDPL/8AsfZbjvCkrk7XPAU5NMpCQYXqqwIIf6gHgCi35PID3jsy Klc8ch7u6VEkxaxfheQNt+DSGVwKi33YvA9Ij3OAb9fGoOj9D8hxg71e91aqBSaf uI/MtiPII0X+7aBYQi0EinTWlPgOmS+Q045h5ZMPP/7w1Fd+HWGodw14vo4NHl+y JGk7yUXhKaK5HypAcKHVTOHVUid9gzWjWd+2w148qyWPgsyEOg9QHYOQ0RCVlCRR CUxTOVMj5IO3mJqzyTu1 =wQIP -----END PGP SIGNATURE-----
--cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc--
--===============9163822813244580847== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============9163822813244580847==--
|
|
|
|