Ubuntu 1026-1: Python Paste vulnerability

    Date: 07 Dec 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-1026-1          December 07, 2010
    paste vulnerability
    CVE-2010-2477
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      python-paste                    1.7.2-4ubuntu1.2
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    It was discovered that Python Paste did not properly sanitize certain
    strings, resulting in cross-site scripting (XSS) vulnerabilities. With
    cross-site scripting vulnerabilities, if a user were tricked into viewing
    server output during a crafted server request, a remote attacker could
    exploit this to modify the contents, or steal confidential data, within
    the same domain.
    
    
    Updated packages for Ubuntu 10.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2-4ubuntu1.2.diff.gz
          Size/MD5:     8082 9e724e29311afd6ce7933ac42da6f11f
        http://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2-4ubuntu1.2.dsc
          Size/MD5:     2103 d4acd77a7f7d4461c11bc096b9434299
        http://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2.orig.tar.gz
          Size/MD5:   373556 a6a58d08dc4bff91d5d1c519d2277f8a
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/paste/python-paste_1.7.2-4ubuntu1.2_all.deb
          Size/MD5:   400764 73601619b0d8077ede5ae8d64c67f50c
    
    
    
    