
Security vulnerability in the lxml software package

==========================================================================
Ubuntu Security Notice USN-2217-1
May 21, 2014

lxml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS

Summary:

lxml could allow cross-site scripting (XSS) attacks.

Software Description:
- lxml: pythonic binding for the libxml2 and libxslt libraries

Details:

It was discovered that the lxml.html.clean module incorrectly stripped
control characters. An attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
python-lxml 3.3.3-1ubuntu0.1
python3-lxml 3.3.3-1ubuntu0.1

Ubuntu 13.10:
python-lxml 3.2.0-1ubuntu0.1
python3-lxml 3.2.0-1ubuntu0.1

Ubuntu 12.04 LTS:
python-lxml 2.3.2-1ubuntu0.2
python3-lxml 2.3.2-1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2217-1
CVE-2014-3146

Package Information:
https://launchpad.net/ubuntu/+source/lxml/3.3.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lxml/3.2.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/lxml/2.3.2-1ubuntu0.2

