Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Python.
Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
- python3.2: An interactive high-level object-oriented language
Details:
It was discovered that multiple Python protocol libraries incorrectly
limited certain data when connecting to servers. A malicious ftp, http,
imap, nntp, pop or smtp server could use this issue to cause a denial of
service. (CVE-2013-1752)
It was discovered that the Python xmlrpc library did not limit unpacking
gzip-compressed HTTP bodies. A malicious server could use this issue to
cause a denial of service. (CVE-2013-1753)
It was discovered that the Python json module incorrectly handled a certain
argument. An attacker could possibly use this issue to read arbitrary
memory and expose sensitive information. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)
It...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: python2.7 2.7.8-10ubuntu1.1 python2.7-minimal 2.7.8-10ubuntu1.1 python3.4 3.4.2-1ubuntu0.1 python3.4-minimal 3.4.2-1ubuntu0.1 Ubuntu 14.04 LTS: python2.7 2.7.6-8ubuntu0.2 python2.7-minimal 2.7.6-8ubuntu0.2 python3.4 3.4.0-2ubuntu1.1 python3.4-minimal 3.4.0-2ubuntu1.1 Ubuntu 12.04 LTS: python2.7 2.7.3-0ubuntu3.8 python2.7-minimal 2.7.3-0ubuntu3.8 python3.2 3.2.3-0ubuntu3.7 python3.2-minimal 3.2.3-0ubuntu3.7 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2653-1
CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650,
CVE-2014-7185
Get the latest Linux and open source security news straight to your inbox.