
Security vulnerabilities in the python2.7 software package

==========================================================================
Ubuntu Security Notice USN-3817-2
November 15, 2018

python2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Python.

Software Description:
– python2.7: An interactive high-level object-oriented language

Details:

USN-3817-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that Python incorrectly handled large amounts of
 data. A remote attacker could use this issue to cause Python to crash,
 resulting in a denial of service, or possibly execute arbitrary code.
 (CVE-2018-1000030)

 It was discovered that Python incorrectly handled running external
 commands in the shutil module. A remote attacker could use this issue
 to cause Python to crash, resulting in a denial of service, or
 possibly execute arbitrary code. (CVE-2018-1000802)

 It was discovered that Python incorrectly used regular expressions
 vulnerable to catastrophic backtracking. A remote attacker could
 possibly use this issue to cause a denial of service. (CVE-2018-1060,
 CVE-2018-1061)

 It was discovered that Python failed to initialize Expat’s hash salt.
 A remote attacker could possibly use this issue to cause hash
 collisions, leading to a denial of service. (CVE-2018-14647)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  python2.7                       2.7.3-0ubuntu3.11
  python2.7-minimal               2.7.3-0ubuntu3.11

In general, a standard system update will make all the necessary
changes.
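
To confirm a host actually carries the fixed packages, the following check compares installed versions against the versions listed above. It is an added example, not part of the Ubuntu notice; the function names and the sample input are constructed, and it reimplements Debian version ordering because a plain string comparison ranks 3.9 above 3.11.

```python
import re
from itertools import zip_longest

# Fixed versions for Ubuntu 12.04 ESM, taken from the advisory.
FIXED = {"python2.7": "2.7.3-0ubuntu3.11",
         "python2.7-minimal": "2.7.3-0ubuntu3.11"}

def _order(c):
    # dpkg ordering inside non-digit runs: '~' < end of run < letters < the rest
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) chunks; digit chunks numerically.
    chunks = zip_longest(re.findall(r"(\D*)(\d*)", a),
                         re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (at, ad), (bt, bd) in chunks:
        ka = ([_order(c) for c in at] + [0], int(ad or 0))
        kb = ([_order(c) for c in bt] + [0], int(bd or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(dpkg_output):
    """Names of listed packages still older than the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return [r[0] for r in rows
            if len(r) == 2 and r[0] in FIXED and deb_cmp(r[1], FIXED[r[0]]) < 0]

# Constructed sample, in the format printed by:
#   dpkg-query -W -f='${Package} ${Version}\n' python2.7 python2.7-minimal
SAMPLE = "python2.7 2.7.3-0ubuntu3.9\npython2.7-minimal 2.7.3-0ubuntu3.11\n"

if __name__ == "__main__":
    print(outdated(SAMPLE))
```
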

References:
  https://usn.ubuntu.com/usn/usn-3817-2
  https://usn.ubuntu.com/usn/usn-3817-1
  CVE-2018-1000030, CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061,
  CVE-2018-14647
