Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 10.04 LTS USN-1982-1 Critical: Python 2.6 Certificate Flaw

Calendar Oct 01, 2013 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory ubuntu man-in-the-middle python certificate issue
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. 
=========================================================================Ubuntu Security Notice USN-1982-1
October 01, 2013

python2.6 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- python2.6: An interactive high-level object-oriented language

Details:

Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  python2.6                       2.6.5-1ubuntu6.2
  python2.6-minimal               2.6.5-1ubuntu6.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1982-1
  CVE-2013-4238

Package Information:
  https://launchpad.net/ubuntu/+source/python2.6/2.6.5-1ubuntu6.2

Ubuntu 10.04 LTS USN-1982-1 Critical: Python 2.6 Certificate Flaw

ubuntu
Calendar Grey October 1, 2013
Dist Ubuntu Esm H88
Counterfeit credentials may jeopardize confidential information online. Upgrade Python 2.6 on Ubuntu 10.04 to minimize vulnerabilities.
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Summary

Topics%20covered

Topics Covered

security advisory ubuntu man-in-the-middle python certificate issue

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: python2.6 2.6.5-1ubuntu6.2 python2.6-minimal 2.6.5-1ubuntu6.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1982-1

CVE-2013-4238

Severity
critical
Lowest
Low
Medium
High
Critical

October 01, 2013

Topics%20covered

Topics Covered

security advisory ubuntu man-in-the-middle python certificate issue

Package Information

https://launchpad.net/ubuntu/+source/python2.6/2.6.5-1ubuntu6.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here