Ubuntu Security Notice USN-7015-4 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[19] Download^[20]

==========================================================================
Ubuntu Security Notice USN-7015-4
October 14, 2024
python2.7, python3.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Python could me made to bypass some restrictions if it received specially
crafted input.
Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
Details:
USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
python2.7                       2.7.6-8ubuntu0.6+esm20
Available with Ubuntu Pro
python2.7-minimal               2.7.6-8ubuntu0.6+esm20
Available with Ubuntu Pro
python3.5                       3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
Available with Ubuntu Pro
python3.5-minimal               3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7015-4
https://ubuntu.com/security/notices/USN-7015-3
https://ubuntu.com/security/notices/USN-7015-2
https://ubuntu.com/security/notices/USN-7015-1
CVE-2023-27043

• Follow us on Twitter^[23]
• Follow us on Facebook^[24]
• Subscribe to an RSS Feed^[25]

File Tags

• ActiveX^[26] (933)
• Advisory^[27] (87,165)
• Arbitrary^[28] (17,149)
• BBS^[29] (2,859)
• Bypass^[30] (1,934)
• CGI^[31] (1,049)
• Code Execution^[32] (7,950)
• Conference^[33] (693)
• Cracker^[34] (845)
• CSRF^[35] (3,440)
• DoS^[36] (25,346)
• Encryption^[37] (2,396)
• Exploit^[38] (54,429)
• File Inclusion^[39] (4,279)
• File Upload^[40] (1,027)
• Firewall^[41] (822)
• Info Disclosure^[42] (2,930)
• Intrusion Detection^[43] (923)
• Java^[44] (3,156)
• JavaScript^[45] (910)
• Kernel^[46] (7,324)
• Local^[47] (14,874)
• Magazine^[48] (587)
• Overflow^[49] (13,235)
• Perl^[50] (1,435)
• PHP^[51] (5,315)
• Proof of Concept^[52] (2,417)
• Protocol^[53] (3,757)
• Python^[54] (1,668)
• Remote^[55] (31,956)
• Root^[56] (3,676)
• Rootkit^[57] (530)
• Ruby^[58] (644)
• Scanner^[59] (1,660)
• Security Tool^[60] (8,060)
• Shell^[61] (3,319)
• Shellcode^[62] (1,219)
• Sniffer^[63] (905)
• Spoof^[64] (2,297)
• SQL Injection^[65] (16,743)
• TCP^[66] (2,463)
• Trojan^[67] (690)
• UDP^[68] (919)
• Virus^[69] (675)
• Vulnerability^[70] (33,168)
• Web^[71] (10,160)
• Whitepaper^[72] (3,785)
• x86^[73] (970)
• XSS^[74] (18,312)
• Other^[75]

File Archives

• October 2024^[76]
• September 2024^[77]
• August 2024^[78]
• July 2024^[79]
• June 2024^[80]
• May 2024^[81]
• April 2024^[82]
• March 2024^[83]
• February 2024^[84]
• January 2024^[85]
• December 2023^[86]
• November 2023^[87]
• Older^[88]

Systems

• AIX^[89] (430)
• Apple^[90] (2,117)
• BSD^[91] (378)
• CentOS^[92] (61)
• Cisco^[93] (1,954)
• Debian^[94] (7,143)
• Fedora^[95] (1,693)
• FreeBSD^[96] (1,247)
• Gentoo^[97] (4,599)
• HPUX^[98] (881)
• iOS^[99] (391)
• iPhone^[100] (108)
• IRIX^[101] (220)
• Juniper^[102] (71)
• Linux^[103] (51,538)
• Mac OS X^[104] (696)
• Mandriva^[105] (3,105)
• NetBSD^[106] (256)
• OpenBSD^[107] (490)
• RedHat^[108] (17,026)
• Slackware^[109] (941)
• Solaris^[110] (1,615)
• SUSE^[111] (1,444)
• Ubuntu^[112] (9,918)
• UNIX^[113] (9,469)
• UnixWare^[114] (188)
• Windows^[115] (6,784)
• Other^[116]

© 2024 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/182179/USN-7015-4.txt