Sicherheit: Mangelnde Rechteprüfung in Python

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6783333139213329327==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="3BUbGq1KuUqfUjQGFDwYx7a4ZoYE32wTE"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3BUbGq1KuUqfUjQGFDwYx7a4ZoYE32wTE
Content-Type: multipart/mixed;
boundary="meV5SvsbSSuIerqC6J7Z7GTZbp9TpV5uT";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <e4cd4522-39bf-20c5-ac11-277e6f17f2e3@canonical.com>
Subject: [USN-4973-1] Python vulnerability

--meV5SvsbSSuIerqC6J7Z7GTZbp9TpV5uT
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4973-1
June 01, 2021

python3.8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

Python could allow unintended access to network services.

Software Description:
- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the Python stdlib ipaddress API incorrectly handled
octal strings. A remote attacker could possibly use this issue to perform a
wide variety of attacks, including bypassing certain access restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
python3.8 3.8.6-1ubuntu0.3
python3.8-minimal 3.8.6-1ubuntu0.3

Ubuntu 20.04 LTS:
python3.8 3.8.5-1~20.04.3
python3.8-minimal 3.8.5-1~20.04.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4973-1
CVE-2021-29921

Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/python3.8/3.8.5-1~20.04.3

--meV5SvsbSSuIerqC6J7Z7GTZbp9TpV5uT--

--3BUbGq1KuUqfUjQGFDwYx7a4ZoYE32wTE
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmC2MoEACgkQZWnYVadE
vpMhYQ//RK5kpIejiI6MCpoKt4MGpj8/4bKBEvCuWOz6d9ax/cBcWiEkneW+7VT+
agM4MHexO8/B3QrreK0fni5jCjinRyoyHBbVR9MvmYijBcE4yk8y8h620i2YBVmx
B2GRCUpRvBIhFvb5iLs38zpwHrgBB+bUkY7jYcM9/G3wyO4lZ7PRSeqSRrI2pEsg
1OBzDZqmkCOzBnqmqiSihGK7AMUHunZZyrzHtSn7qeFBgL8waxK6/xQGnBWryPA6
+01qYVw8n3RGVU6XFRo198a/Mkq3QKL1OKbS+kRgAbS0ZNC3w12TlK9Mx6bjKmky
hf2yri0X7LndpGdZocjh9dshUFrI4ySuRW35nIMFlnt3sDkXqSmHotzVB+6aS+m0
EyZJOIxXHyVNSbPSBgUXvw9K37VHr3bJcRgvXQYEzLJKnHh+EU/HT1lBz7k4boVM
DaJ7qw+5pVNYLWIOh4R9gE5o4ylot/0XDeyMDzi3CoT+1P5C88DZBVof4aTR3xuN
Sht98QzJ/aBhHuGzuaIvjJWJ8LFJegBYaTEbzs5Kf0fCDGP85+lowjcuoMmtsuzS
HCL9RQF15DCrCCloFsIVNm9jBcm5gCS/WqST0VzSeAKeS9VXZLB9W0wnQ0LBWala
PegTmQY+reqhwi9yq+YGlCy5HHXtNzup5PvIVLjpuRc1UVzqOqk=
=V8Ff
-----END PGP SIGNATURE-----

--3BUbGq1KuUqfUjQGFDwYx7a4ZoYE32wTE--

--===============6783333139213329327==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6783333139213329327==--