You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python

Sigurnosni nedostaci programskog paketa python

by - 0

==========================================================================
Ubuntu Security Notice USN-4151-2
October 10, 2019

python2.7, python3.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Python.

Software Description:
– python2.7: An interactive high-level object-oriented language
– python3.4: An interactive high-level object-oriented language

Details:

USN-4151-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly parsed certain email addresses. A
remote attacker could possibly use this issue to trick Python applications
into accepting email addresses that should be denied. (CVE-2019-16056)

It was discovered that the Python documentation XML-RPC server incorrectly
handled certain fields. A remote attacker could use this issue to execute a
cross-site scripting (XSS) attack. (CVE-2019-16935)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
python2.7 2.7.6-8ubuntu0.6+esm3
python2.7-minimal 2.7.6-8ubuntu0.6+esm3
python3.4 3.4.3-1ubuntu1~14.04.7+esm4
python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm4

Ubuntu 12.04 ESM:
python2.7 2.7.3-0ubuntu3.15
python2.7-minimal 2.7.3-0ubuntu3.15

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4151-2
https://usn.ubuntu.com/4151-1
CVE-2019-16056, CVE-2019-16935
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdnzmbAAoJEEW851uECx9pmlgQAJs/2joIdWDHouACu0GvxTTE
3HYiAZGF23gUX7N7i1zdtQdVTqNIAvujIvkD9zz7nxbTfNQdaDRuwogMiR3J/XXT
xulblIkSlPKxuGJI/LGsyiHzbyVK9BtUEDkZDryDgADPrQJR68GAJtatPMw4u+cC
0P7746cs/bIxZVMxTagzdaQdGq2EMklUuuZA7DiY+p4oTBY5R6ideRmJSr9hC/qm
yFNu4xCzjWbT3G6j+gyvPoaXUJI0/0pDIX8AWf96Zdir1XISt/ZfVuf2PIhAPL15
iylajHRTRIEr33leRy8uu8SATC/5lCRTDLqn9oLJ9aZYUwApAN98ejYU8BQbgns4
QF//VgYguRiwXdqmHtcOt3PEGQmmOmw8JusuPGYtLzNH4gBQ7TUsvc8veBTfAMzD
sLNpCyc9M5m6tHPyqoOvKFWK1uEz14QA/toSyv6tCKcK0uuoi6V6QoJT3dpwoT9F
3G1YhhOrcKHJfLee8bfnatsBQzij/lCUHPhnF7Ju47t0m2X4/luItzApgrc+JoXS
uvDuZ5R5Vq3cs5hP3+g9jyGIIu1HCkrKoiNycKbJa3i0NwyMxWDaEhG//fj7XjW9
1UUSE3jxF267SXbTIzw0DGsrgpiw++AOOM+G+/16INyLhFpphqgwQkQK2Faij9Yr
kfkd2pf/fu47Kg20dcl7
=eqjO
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, stjecanje uvećanih ovlasti, izvršavanje...

Close