USN-3134-1: Python vulnerabilities Ubuntu Security Notice USN-3134-1 22nd November, 2016 python2.7, python3.2, python3.4, python3.5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Python. Software description python2.7 – An interactive high-level object-oriented language python3.2 – An interactive high-level object-oriented language python3.4 – An interactive high-level object-oriented language python3.5 – An interactive high-level object-oriented language Details It was discovered that the smtplib library in Python did not return anerror when StartTLS fails. A remote attacker could possibly use this toexpose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applicationsfrom contents of the HTTP_PROXY environment variable when based onthe contents of the Proxy header from HTTP requests. A remote attackercould possibly use this to cause a CGI application to [ more… ]