Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

python2.7 vulnerabilities

Related Vulnerabilities: CVE-2011-1521   CVE-2011-4940   CVE-2011-4944   CVE-2012-0845   CVE-2012-1150  

Several security issues were fixed in Python 2.7.

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)

Source

2 October 2012

python2.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04

Summary

Several security issues were fixed in Python 2.7.

Software Description

  • python2.7 - An interactive high-level object-oriented language (version 2.7)

Details

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the ‘-R’ command line option and honors setting the PYTHONHASHSEED environment variable to ‘random’ to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10
python2.7 - 2.7.2-5ubuntu1.1
python2.7-minimal - 2.7.2-5ubuntu1.1
Ubuntu 11.04
python2.7 - 2.7.1-5ubuntu2.2
python2.7-minimal - 2.7.1-5ubuntu2.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started