==========================================================================
Ubuntu Security Notice USN-3496-1
November 28, 2017
python2.7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Python could be made to run arbitrary code.
Software Description:
– python2.7: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled decoding certain
strings. An attacker could possibly use this issue to execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
python2.7 2.7.13-2ubuntu0.1
python2.7-minimal 2.7.13-2ubuntu0.1
Ubuntu 16.04 LTS:
python2.7 2.7.12-1ubuntu0~16.04.2
python2.7-minimal 2.7.12-1ubuntu0~16.04.2
Ubuntu 14.04 LTS:
python2.7 2.7.6-8ubuntu0.4
python2.7-minimal 2.7.6-8ubuntu0.4
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3496-1
CVE-2017-1000158
Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.13-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.
2
https://launchpad.net/ubuntu/+source/python2.7/2.7.6-8ubuntu0.4
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaHZEvAAoJEEW851uECx9p/1IQALJePsbmJkNYSgXVS81F4tFX
2PZr4k0VPlMuT0fD5HCWll0SeuMvWvK95jNTQEgTz6pu0JMS2F+52maDpZgPI5Oi
ICdWF7IQRoZxK/Bszr500U12aJPn2h1csiZQuhvqOASHnZQDbuX6FKo1FizpUrfK
HiAtdJX2vyBx/Ilhv3y786cw2SzmiHfYucP9MSBWykDPwwGVbFK+3uP4aoSnpbay
uLZeizddbgUpDgrHpuoIWC4c0E1jf/Y/wjTiZJJdj2b9t6mZvVJ69wIFrlqfHvgC
fNmpeAO2cTIKpyxlspL8NIMe/3/816qvppbdQz4izr+0kwiEa150WEV+yednhRYj
iwfDCyK1MhPuuayQXpOHw2FzM5V2WBm6asU2Ef8Fdqx8bCN7m5TbYQgYVbhL9wy2
A/Foj3gwXxMPGvrWItrn750wtrVx7qieXj8NSRqUzNcZCR2MXzLvEybq0IlcYc0h
xTCu8E1bK1zG5BesNaTEeo71wwqtOX+cboHtuo1lM3XhScnIDd8wi/I3QjLeo/Pm
X4kIuvm34jODNtC5HmNXX0PImLD99WDZ2Hi0447FZNnoQ8PwJ4xerZY8L3o+59ca
ej7FqSJQzgJe1y0Y17NGOkiz0JYOMjUjuQpfIj1eLc4uWItF7O4YINgDCVroY0KU
ttMT0PgL7nE7Riq/Q1nu
=CIf+
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3496-2
November 28, 2017
python2.7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Python could be made to run arbitrary code.
Software Description:
– python2.7: An interactive high-level object-oriented language
Details:
USN-3496-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled decoding certain
strings. An attacker could possibly use this issue to execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
python2.7 2.7.3-0ubuntu3.10
python2.7-minimal 2.7.3-0ubuntu3.10
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3496-2
https://www.ubuntu.com/usn/usn-3496-1
CVE-2017-1000158
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaHZr7AAoJEEW851uECx9pwyQP/1cSCdgCsWKtDk7Ol3SFeiP8
WbGqW5Ze18lz7MPEJbzh6RUryulXQdbes0amfzyDj9DqqDJlPnZRcoN2G8OmH9bv
53Cu2qIR/E+Wt5Vl7j/Bs5Bqg3MNySdtx2xRIHXq27bJ8QGlNR2zjXc+fII4CGso
x0dSZ40fPiokVz21J2KCovnEu9p8AuFwwhGlxzDlX3zXU7bDNvmnRYXjhtLySI4d
hYBDcpV3WhxbiKtBwD8fKPo6ZCmjG+On0xdJQtnhSu77JSym9Zvn0XG+ccRMJr1x
LlIr41cMseFRJfGFzX4tNEEqPSJaN27Gta8h8FsnHsGYCXPioDZXXzkMn+naoE2i
MPivupFmdRxb0ApNUMBnvHNeXkJ8ocLINTPH3/LziTBVXm70h2Jyq8GLHuDEUKZL
t7ABEhKqoZZUeVVjCpQc6RcV9/s2sBhxlYTXaSDjDgHH3hFZdaL2agcHaqZhQQY5
T9FEykI6HF/wWlNHGqht7lVUXeuG1bX7k7137BTkFeQMbOkDXtSpWNOmptIXEcfp
WesB4JNOWfsSRpHqtPG7pYV6sIkufr3PcENlBddDX6exAHVrlgeLFtkmw/yowNHD
6gTlZ3Trt+oe+Fy4eYlQrkbm9IUdI0qAsi4fwFQkhBZ+hubwtARdYdhTj+JbV6za
U6yvSdWHvCX2gZwRZfM2
=oXxs
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3496-3
November 28, 2017
python3.4, python3.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Python could be made to run arbitrary code.
Software Description:
– python3.5: An interactive high-level object-oriented language
– python3.4: An interactive high-level object-oriented language
Details:
USN-3496-1 fixed a vulnerability in Python2.7. This update provides
the corresponding update for versions 3.4 and 3.5.
Original advisory details:
It was discovered that Python incorrectly handled decoding certain
strings. An attacker could possibly use this issue to execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
python3.5 3.5.3-1ubuntu0~17.04.2
python3.5-minimal 3.5.3-1ubuntu0~17.04.2
Ubuntu 16.04 LTS:
python3.5 3.5.2-2ubuntu0~16.04.4
python3.5-minimal 3.5.2-2ubuntu0~16.04.4
Ubuntu 14.04 LTS:
python3.4 3.4.3-1ubuntu1~14.04.6
python3.4-minimal 3.4.3-1ubuntu1~14.04.6
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3496-3
https://www.ubuntu.com/usn/usn-3496-1
CVE-2017-1000158
Package Information:
https://launchpad.net/ubuntu/+source/python3.5/3.5.3-1ubuntu0~17.04.2
https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.4
https://launchpad.net/ubuntu/+source/python3.4/3.4.3-1ubuntu1~14.04.6
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaHcd6AAoJEEW851uECx9pFBMQAKei6JvYT3SE2C7jTsDzv74z
EXyNlxLwdTm3NG3fG1HVLl0R9cnIDnXU5FM5sDCn996W3cmmZRvKzjWyzG0Otkq4
QfKgxQJxc/4g4s1MV2a+STFs1GGGru5xyPDta7Oe08IT/Eq9SwAzzyOVtwM+4RAt
yiQJ7bNY2cOuKCTjUycf46zQ1AAH7Crjojwbmq84EmniPPsiKmNeYEahiQ9hUQzk
mDxyGcQEQNs7UUxfs8YsdD26IWIQiGKDkyxZDCai4l8lVYCt0MAgkGo7O4ifbCEb
uWcTpnILXq5HuiTGMCqHYQ+PxZdlHcaNOPkXdxdZX3wnV/dXVZDMH4i6VNtAFscn
IUKN74wAbPKNsQfSakY80n+8WuHDpUmeN3pxaMH2B5ZdPdsKzBBytFeHmmXfz+tZ
EbDIXcJ13KgF7OjF4P8zqoRV/tK353rPqdh7MgPUBvugghfKXJOkl64GoqWzI0Ku
KQKNsuGR4AtRafJBO+E7nxB2zBMoj09sqTjS5uxDscEJFPFL9X7RlnscNL7aX5vz
isD82iEC00xL+iZ3qxqXmf2Pd2KQviwamgXgFIRUhpjUM1xuVcXUn0kDjbTCwIF7
MVZvRhvGxFcKAivMD3srHjCyMJJDf/iNVRxR6kO3SxIK/AiTQUvxB8/vfTBZ+9LT
0am7/CFrPEqcGgqCd0lg
=tD2P
—–END PGP SIGNATURE—–
—