First published: Wed Oct 09 2019(Updated: )
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python2.7 | <2.7.16-2ubuntu0.2 | 2.7.16-2ubuntu0.2 |
=19.04 | ||
All of | ||
ubuntu/python2.7-minimal | <2.7.16-2ubuntu0.2 | 2.7.16-2ubuntu0.2 |
=19.04 | ||
All of | ||
ubuntu/python3.7 | <3.7.3-2ubuntu0.2 | 3.7.3-2ubuntu0.2 |
=19.04 | ||
All of | ||
ubuntu/python3.7-minimal | <3.7.3-2ubuntu0.2 | 3.7.3-2ubuntu0.2 |
=19.04 | ||
All of | ||
ubuntu/python2.7 | <2.7.15-4ubuntu4~18.04.2 | 2.7.15-4ubuntu4~18.04.2 |
=18.04 | ||
All of | ||
ubuntu/python2.7-minimal | <2.7.15-4ubuntu4~18.04.2 | 2.7.15-4ubuntu4~18.04.2 |
=18.04 | ||
All of | ||
ubuntu/python3.6 | <3.6.8-1~18.04.3 | 3.6.8-1~18.04.3 |
=18.04 | ||
All of | ||
ubuntu/python3.6-minimal | <3.6.8-1~18.04.3 | 3.6.8-1~18.04.3 |
=18.04 | ||
All of | ||
ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.9 | 2.7.12-1ubuntu0~16.04.9 |
=16.04 | ||
All of | ||
ubuntu/python2.7-minimal | <2.7.12-1ubuntu0~16.04.9 | 2.7.12-1ubuntu0~16.04.9 |
=16.04 | ||
All of | ||
ubuntu/python3.5 | <3.5.2-2ubuntu0~16.04.9 | 3.5.2-2ubuntu0~16.04.9 |
=16.04 | ||
All of | ||
ubuntu/python3.5-minimal | <3.5.2-2ubuntu0~16.04.9 | 3.5.2-2ubuntu0~16.04.9 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is USN-4151-1.
The severity of USN-4151-1 is not specified.
USN-4151-1 impacts Python by allowing remote attackers to trick Python applications into accepting email addresses that should be denied.
The affected software of USN-4151-1 includes Python 2.7.16-2ubuntu0.2, Python 2.7.15-4ubuntu4~18.04.2, Python 3.7.3-2ubuntu0.2, Python 3.6.8-1~18.04.3, Python 2.7.12-1ubuntu0~16.04.9, Python 3.5.2-2ubuntu0~16.04.9 and their corresponding minimal versions.
To fix USN-4151-1, you should update the affected Python packages to the specified versions provided by Ubuntu.