Sicherheit: Zwei Probleme in Python

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============9163822813244580847==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1983-1
October 01, 2013

python2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python2.7: An interactive high-level object-oriented language

Details:

Florian Weimer discovered that Python incorrectly handled matching multiple
wildcards in ssl certificate hostnames. An attacker could exploit this to
cause Python to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 13.04. (CVE-2013-2099)

Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2013-4238)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
python2.7 2.7.4-2ubuntu3.2
python2.7-minimal 2.7.4-2ubuntu3.2

Ubuntu 12.10:
python2.7 2.7.3-5ubuntu4.3
python2.7-minimal 2.7.3-5ubuntu4.3

Ubuntu 12.04 LTS:
python2.7 2.7.3-0ubuntu3.4
python2.7-minimal 2.7.3-0ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1983-1
CVE-2013-2099, CVE-2013-4238

Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.4-2ubuntu3.2
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-5ubuntu4.3
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.4

--cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSSulVAAoJEGVp2FWnRL6TA1MQAJhLak6+KtdKItVVJQWNmh4t
fxdL4q/BhMWwXHKG+RBmHjgW42K0Dd9AF3xPlnvOeBb8KPJxjMtoSxkcFxq0bBGw
zXIyZUIcL0LocdNm37ncWktlekzFDCK8GJDEmn4JU6X1QjFmsd1MEbHWCMhi79+N
eUem3Z1T8tb4MvIwqmiZc9UdBo9pdVcr8mitEwKXNKBvkiDnGV6PkHGAYO9DB3w4
OIe9zX7eWvZ1m1x2rK4+PDR5JgyIH7dD+KalwSfxwvm9mf1rLEKNEi77buG0vZwW
+9AI3oipcRcbZ5vbXq8uvjM9CKo3H59YUDaqSzE7aPyle1EeprUrDIzJX9pIgPal
4FnGsXbOG4MbwmcTAoNil1n2mGPJXhbwo9/0xt5gbsCgEFVyi8ECktifQoiPT7pl
jnELP0rJP9DRWCDPL/8AsfZbjvCkrk7XPAU5NMpCQYXqqwIIf6gHgCi35PID3jsy
Klc8ch7u6VEkxaxfheQNt+DSGVwKi33YvA9Ij3OAb9fGoOj9D8hxg71e91aqBSaf
uI/MtiPII0X+7aBYQi0EinTWlPgOmS+Q045h5ZMPP/7w1Fd+HWGodw14vo4NHl+y
JGk7yUXhKaK5HypAcKHVTOHVUid9gzWjWd+2w148qyWPgsyEOg9QHYOQ0RCVlCRR
CUxTOVMj5IO3mJqzyTu1
=wQIP
-----END PGP SIGNATURE-----

--cECSl91Qpn5TNxlASvXke0EvrGUD7AAEc--

--===============9163822813244580847==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============9163822813244580847==--