USN-3817-1: Python vulnerabilities

USN-3817-1: Python vulnerabilities

python2.7, python3.4, python3.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Python.

Software Description

  • python2.7 – An interactive high-level object-oriented language
  • python3.5 – An interactive high-level object-oriented language
  • python3.4 – An interactive high-level object-oriented language

Details

It was discovered that Python incorrectly handled large amounts of data. A
remote attacker could use this issue to cause Python to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030)

It was discovered that Python incorrectly handled running external commands
in the shutil module. A remote attacker could use this issue to cause
Python to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000802)

It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061)

It was discovered that Python failed to initialize Expat’s hash salt. A
remote attacker could possibly use this issue to cause hash collisions,
leading to a denial of service. (CVE-2018-14647)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
python2.72.7.15~rc1-1ubuntu0.1
python2.7-minimal2.7.15~rc1-1ubuntu0.1
Ubuntu 16.04 LTS
python2.72.7.12-1ubuntu0~16.04.4
python2.7-minimal2.7.12-1ubuntu0~16.04.4
python3.53.5.2-2ubuntu0~16.04.5
python3.5-minimal3.5.2-2ubuntu0~16.04.5
Ubuntu 14.04 LTS
python2.72.7.6-8ubuntu0.5
python2.7-minimal2.7.6-8ubuntu0.5
python3.43.4.3-1ubuntu1~14.04.7
python3.4-minimal3.4.3-1ubuntu1~14.04.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Source: USN-3817-1: Python vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.