Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Ubuntu 14.04 LTS USN-7015-4: Python Denial Of Service Issues Overview

Calendar Oct 14, 2024 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory DoS Ubuntu Python module issues
Python could me made to bypass some restrictions if it received specially crafted input. 
==========================================================================
Ubuntu Security Notice USN-7015-4
October 14, 2024

python2.7, python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Python could me made to bypass some restrictions if it received specially
crafted input.

Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language

Details:

USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that the Python email module incorrectly parsed email
 addresses that contain special characters. A remote attacker could
 possibly use this issue to bypass certain protection mechanisms.
 (CVE-2023-27043)
 
 It was discovered that Python allowed excessive backtracking while parsing
 certain tarfile headers. A remote attacker could possibly use this issue
 to cause Python to consume resources, leading to a denial of service.
 (CVE-2024-6232)
 
 It was discovered that the Python email module incorrectly quoted newlines
 for email headers. A remote attacker could possibly use this issue to
 perform header injection. (CVE-2024-6923)
 
 It was discovered that the Python http.cookies module incorrectly handled
 parsing cookies that contained backslashes for quoted characters. A remote
 attacker could possibly use this issue to cause Python to consume
 resources, leading to a denial of service. (CVE-2024-7592)
 
 It was discovered that the Python zipfile module incorrectly handled
 certain malformed zip files. A remote attacker could possibly use this
 issue to cause Python to stop responding, resulting in a denial of
 service. (CVE-2024-8088)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  python2.7                       2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7015-4
  https://ubuntu.com/security/notices/USN-7015-3
  https://ubuntu.com/security/notices/USN-7015-2
  https://ubuntu.com/security/notices/USN-7015-1
  CVE-2023-27043

Ubuntu 14.04 LTS USN-7015-4: Python Denial Of Service Issues Overview

ubuntu
Calendar Grey October 14, 2024
Dist Ubuntu Esm H88
Ubuntu 14.04 LTS features Python updates addressing several security weaknesses, particularly those that could lead to denial of service attacks.
Python could me made to bypass some restrictions if it received specially crafted input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Python could me made to bypass some restrictions if it received specially crafted input. Software Description: - python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Details: USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, lea...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory DoS Ubuntu Python module issues

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS python2.7 2.7.6-8ubuntu0.6+esm20 Available with Ubuntu Pro python2.7-minimal 2.7.6-8ubuntu0.6+esm20 Available with Ubuntu Pro python3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 Available with Ubuntu Pro python3.5-minimal 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7015-4

https://ubuntu.com/security/notices/USN-7015-3

https://ubuntu.com/security/notices/USN-7015-2

https://ubuntu.com/security/notices/USN-7015-1

CVE-2023-27043

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7015-4

Topics%20covered

Topics Covered

security advisory DoS Ubuntu Python module issues

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here