
Ubuntu 16.04 LTS Python Issues USN-3134-1 Moderate Remote Threat

Several security issues were fixed in Python.
=========================================================================
Ubuntu Security Notice USN-3134-1
November 22, 2016

python2.7, python3.2, python3.4, python3.5 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
- python3.2: An interactive high-level object-oriented language

Details:

It was discovered that the smtplib library in Python did not return an
error when StartTLS fails. A remote attacker could possibly use this to
expose sensitive information. (CVE-2016-0772)

Rémi Rampin discovered that Python would not protect CGI applications
from the contents of the HTTP_PROXY environment variable when that
variable is derived from the Proxy header of an HTTP request. A remote
attacker could possibly use this to cause a CGI application to redirect
outgoing HTTP requests. (CVE-2016-1000110)

Insu Yun discovered an integer overflow in the zipimporter module in
Python that could lead to a heap-based overflow. An attacker could
use this to craft a special zip file that when read by Python could
possibly execute arbitrary code. (CVE-2016-5636)

Guido Vranken discovered that the urllib modules in Python did
not properly handle carriage return line feed (CRLF) in headers. A
remote attacker could use this to craft URLs that inject arbitrary
HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2016-5699)
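
A post-update regression check for two of the issues above, added here as an example and not part of the Ubuntu notice: it confirms on a Python 3 interpreter that urllib ignores HTTP_PROXY under CGI and that http.client, which urllib sends requests through, rejects CRLF in a header value. The function names, the proxy URL and the header names are assumptions made for the example, and nothing is sent over the network.

```python
import http.client
import os
import urllib.request
from unittest import mock

# Constructed placeholder proxy URL; nothing is ever contacted.
PROXY = "http://proxy.invalid:3128"


def proxies_seen(env):
    """Return the proxies urllib would use under the given environment."""
    with mock.patch.dict(os.environ, env, clear=True):
        return urllib.request.getproxies_environment()


def cgi_ignores_http_proxy():
    """CVE-2016-1000110: with REQUEST_METHOD set (CGI), the upper-case
    HTTP_PROXY variable, which a web server fills from the client's Proxy
    header, must not select an HTTP proxy."""
    return "http" not in proxies_seen({"REQUEST_METHOD": "GET", "HTTP_PROXY": PROXY})


def rejects_crlf_header():
    """CVE-2016-5699: a header value carrying CR LF plus a new header line
    must raise ValueError instead of being written to the request."""
    conn = http.client.HTTPConnection("localhost")  # object only, no connect
    conn.putrequest("GET", "/")                      # buffered, not sent
    try:
        conn.putheader("X-Test", "value\r\nX-Injected: 1")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("HTTP_PROXY ignored under CGI:", cgi_ignores_http_proxy())
    print("CRLF header value rejected:  ", rejects_crlf_header())
```

Outside CGI, and for the lower-case `http_proxy` variable, the proxy setting is still honoured, so a `False` from `cgi_ignores_http_proxy()` points at an unpatched interpreter rather than at the environment.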

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libpython2.7                    2.7.12-1ubuntu0~16.04.1
  libpython2.7-minimal            2.7.12-1ubuntu0~16.04.1
  libpython2.7-stdlib             2.7.12-1ubuntu0~16.04.1
  libpython3.5                    3.5.2-2ubuntu0~16.04.1
  libpython3.5-minimal            3.5.2-2ubuntu0~16.04.1
  libpython3.5-stdlib             3.5.2-2ubuntu0~16.04.1
  python2.7                       2.7.12-1ubuntu0~16.04.1
  python2.7-minimal               2.7.12-1ubuntu0~16.04.1
  python3.5                       3.5.2-2ubuntu0~16.04.1
  python3.5-minimal               3.5.2-2ubuntu0~16.04.1

Ubuntu 14.04 LTS:
  libpython2.7                    2.7.6-8ubuntu0.3
  libpython2.7-minimal            2.7.6-8ubuntu0.3
  libpython2.7-stdlib             2.7.6-8ubuntu0.3
  libpython3.4                    3.4.3-1ubuntu1~14.04.5
  libpython3.4-minimal            3.4.3-1ubuntu1~14.04.5
  libpython3.4-stdlib             3.4.3-1ubuntu1~14.04.5
  python2.7                       2.7.6-8ubuntu0.3
  python2.7-minimal               2.7.6-8ubuntu0.3
  python3.4                       3.4.3-1ubuntu1~14.04.5
  python3.4-minimal               3.4.3-1ubuntu1~14.04.5

Ubuntu 12.04 LTS:
  libpython2.7                    2.7.3-0ubuntu3.9
  libpython3.2                    3.2.3-0ubuntu3.8
  python2.7                       2.7.3-0ubuntu3.9
  python2.7-minimal               2.7.3-0ubuntu3.9
  python3.2                       3.2.3-0ubuntu3.8
  python3.2-minimal               3.2.3-0ubuntu3.8

After a standard system update you need to restart any Python
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3134-1
  CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699

Package Information:
  https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.1
  https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.1
  https://launchpad.net/ubuntu/+source/python2.7/2.7.6-8ubuntu0.3
  https://launchpad.net/ubuntu/+source/python3.4/3.4.3-1ubuntu1~14.04.5
  https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.9
  https://launchpad.net/ubuntu/+source/python3.2/3.2.3-0ubuntu3.8

Severity: important