Security: Redirect to arbitrary site in Python
Name: Redirect to arbitrary site in Python
ID: USN-5629-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 ESM
Date: Thu, 22 September 2022, 21:54
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861
Applications: Python

Original message

From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <491bf056-3435-aa3b-ba95-a9ebec6d968e@canonical.com>
Subject: [USN-5629-1] Python vulnerability

==========================================================================
Ubuntu Security Notice USN-5629-1
September 22, 2022

python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Python could be made to redirect web traffic if its http.server
received a specially crafted request.

Software Description:
- python3.5: An interactive high-level object-oriented language

Details:

It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web
traffic.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libpython3.5            3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-minimal    3.5.2-2ubuntu0~16.04.13+esm5
  libpython3.5-stdlib     3.5.2-2ubuntu0~16.04.13+esm5
  python3.5               3.5.2-2ubuntu0~16.04.13+esm5
  python3.5-minimal       3.5.2-2ubuntu0~16.04.13+esm5

After a standard system update you need to restart the python3
http.server to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5629-1
CVE-2021-28861