==========================================================================
Ubuntu Security Notice USN-7015-4
October 14, 2024

python2.7, python3.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Python could me made to bypass some restrictions if it received specially
crafted input.

Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language

Details:

USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that the Python email module incorrectly parsed email
 addresses that contain special characters. A remote attacker could
 possibly use this issue to bypass certain protection mechanisms.
 (CVE-2023-27043)
 
 It was discovered that Python allowed excessive backtracking while parsing
 certain tarfile headers. A remote attacker could possibly use this issue
 to cause Python to consume resources, leading to a denial of service.
 (CVE-2024-6232)
 
 It was discovered that the Python email module incorrectly quoted newlines
 for email headers. A remote attacker could possibly use this issue to
 perform header injection. (CVE-2024-6923)
 
 It was discovered that the Python http.cookies module incorrectly handled
 parsing cookies that contained backslashes for quoted characters. A remote
 attacker could possibly use this issue to cause Python to consume
 resources, leading to a denial of service. (CVE-2024-7592)
 
 It was discovered that the Python zipfile module incorrectly handled
 certain malformed zip files. A remote attacker could possibly use this
 issue to cause Python to stop responding, resulting in a denial of
 service. (CVE-2024-8088)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  python2.7                       2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.6-8ubuntu0.6+esm20
                                  Available with Ubuntu Pro
  python3.5                       3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro
  python3.5-minimal               3.5.2-2ubuntu0~16.04.4~14.04.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7015-4
  https://ubuntu.com/security/notices/USN-7015-3
  https://ubuntu.com/security/notices/USN-7015-2
  https://ubuntu.com/security/notices/USN-7015-1
  CVE-2023-27043

Ubuntu 7015-4: Python Security Advisory Updates

October 14, 2024
Python could me made to bypass some restrictions if it received specially crafted input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Python could me made to bypass some restrictions if it received specially crafted input. Software Description: - python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Details: USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, lea...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS python2.7 2.7.6-8ubuntu0.6+esm20 Available with Ubuntu Pro python2.7-minimal 2.7.6-8ubuntu0.6+esm20 Available with Ubuntu Pro python3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 Available with Ubuntu Pro python3.5-minimal 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7015-4

https://ubuntu.com/security/notices/USN-7015-3

https://ubuntu.com/security/notices/USN-7015-2

https://ubuntu.com/security/notices/USN-7015-1

CVE-2023-27043

Severity
Ubuntu Security Notice USN-7015-4

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved