Ubuntu 1026-1: Python Paste vulnerability

    Date 07 Dec 2010
    Posted By LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-1026-1          December 07, 2010
    paste vulnerability
    CVE-2010-2477
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      python-paste                    1.7.2-4ubuntu1.2
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    It was discovered that Python Paste did not properly sanitize certain
    strings, resulting in cross-site scripting (XSS) vulnerabilities. With
    cross-site scripting vulnerabilities, if a user were tricked into viewing
    server output during a crafted server request, a remote attacker could
    exploit this to modify the contents, or steal confidential data, within
    the same domain.
    
    
    Updated packages for Ubuntu 10.04 LTS:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2-4ubuntu1.2.diff.gz
          Size/MD5:     8082 9e724e29311afd6ce7933ac42da6f11f
        https://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2-4ubuntu1.2.dsc
          Size/MD5:     2103 d4acd77a7f7d4461c11bc096b9434299
        https://security.ubuntu.com/ubuntu/pool/main/p/paste/paste_1.7.2.orig.tar.gz
          Size/MD5:   373556 a6a58d08dc4bff91d5d1c519d2277f8a
    
      Architecture independent packages:
    
        https://security.ubuntu.com/ubuntu/pool/main/p/paste/python-paste_1.7.2-4ubuntu1.2_all.deb
          Size/MD5:   400764 73601619b0d8077ede5ae8d64c67f50c
    
    
    
    
