Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu 14.04 LTS USN-7015-4: Python Denial Of Service Issues Overview

ubuntu
Calendar Grey October 14, 2024
Scroller Ubuntu
Ubuntu 14.04 LTS features Python updates addressing several security weaknesses, particularly those that could lead to denial of service attacks.
Python could me made to bypass some restrictions if it received specially crafted input.

Summary

Python could me made to bypass some restrictions if it received specially

crafted input.

Software Description:

- python2.7: An interactive high-level object-oriented language

- python3.5: An interactive high-level object-oriented language

Details:

USN-7015-1 fixed several vulnerabilities in Python. This update provides

the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in

Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email

addresses that contain special characters. A remote attacker could

possibly use this issue to bypass certain protection mechanisms.

(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing

certain tarfile headers. A remote attacker could possibly use this issue

to cause Python to consume resources, leading to a denial of service.

(CVE-2024-6232)

It was discovered that the Python email module incorrect...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  python2.7                       2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7015-4

https://ubuntu.com/security/notices/USN-7015-3

https://ubuntu.com/security/notices/USN-7015-2

https://ubuntu.com/security/notices/USN-7015-1

CVE-2023-27043

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7015-4

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.