drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Redirect auf beliebige Seite in Python
Name: |
Redirect auf beliebige Seite in Python |
|
ID: |
USN-5629-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 ESM |
|
Datum: |
Do, 22. September 2022, 21:54 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861 |
|
Applikationen: |
Python |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4632297114834967477== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------n4oS0lOtku8zuqhw0I3EpNP6"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------n4oS0lOtku8zuqhw0I3EpNP6 Content-Type: multipart/mixed; boundary="------------IpoXoNuT0sUvalsno0S06ROy"; protected-headers="v1" From: Ian Constantin <ian.constantin@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <491bf056-3435-aa3b-ba95-a9ebec6d968e@canonical.com> Subject: [USN-5629-1] Python vulnerability
--------------IpoXoNuT0sUvalsno0S06ROy Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5629-1 September 22, 2022
python3.5 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Python could be made to redirect web traffic if its http.server received a specially crafted request.
Software Description: - python3.5: An interactive high-level object-oriented language
Details:
It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: libpython3.5 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm5 libpython3.5-stdlib 3.5.2-2ubuntu0~16.04.13+esm5 python3.5 3.5.2-2ubuntu0~16.04.13+esm5 python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm5
After a standard system update you need to restart the python3 http.server to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5629-1 CVE-2021-28861 --------------IpoXoNuT0sUvalsno0S06ROy--
--------------n4oS0lOtku8zuqhw0I3EpNP6 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmMsuikACgkQa1+PL+d1 /Ehq8Qv/Vp+flwnYmQgKxBmefd/1xbiF4pt2LQzHsnhXgO0H3Tp3knTlvkPTlZHv XCN4zalste83pYSIncK7cR6YYRBK1HFmMRGaJQSjVrwf3xCFOc1rUwOZbk5l36E1 3e5N3tBpYTcn8ccmGnBoSTCNFLsKmLVsLU+W42GY5auSPAyTCcR9M6YbBp5aL5oO XabYM/sAFVdGWkGp7Ndt46tPJOByHv7QrPWyR5TcRzrfHjzBjpIRWvUNDSC9IqBq S92U8nAiKjRiCp+OZ/Mb0Tw+7O5UbRKAz6dGUT6nOEA8PFLSo7zEh45vt6XKgYwG +IcEuG/LTdFaeFfnhCsL4fJVOZOgteIkj8AiiKnClAYcm/AxNCy5BP/3j833BWaA ZRoubnTL0aTkwBSWRmHEXHugPz4tCGtSI7Clo8qQXc4LuUqnqd5nnmzpEpUHJm2C XBqCRybpotHFi9BwepfrbywhRSHP1GAwmVYvGjxZLC97SUfuw3c95jpxKqXQ+O0R g0RH1cwp =Qdgy -----END PGP SIGNATURE-----
--------------n4oS0lOtku8zuqhw0I3EpNP6--
--===============4632297114834967477== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============4632297114834967477==--
|
|
|
|