First published: Thu Oct 10 2019
USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)

It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)

Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/python3.4-minimal | 14.04 | <3.4.3-1ubuntu1~14.04.7+esm4 | 3.4.3-1ubuntu1~14.04.7+esm4 |
ubuntu/python2.7 | 14.04 | <2.7.6-8ubuntu0.6+esm3 | 2.7.6-8ubuntu0.6+esm3 |
ubuntu/python3.4 | 14.04 | <3.4.3-1ubuntu1~14.04.7+esm4 | 3.4.3-1ubuntu1~14.04.7+esm4 |
ubuntu/python2.7-minimal | 14.04 | <2.7.6-8ubuntu0.6+esm3 | 2.7.6-8ubuntu0.6+esm3 |
ubuntu/python2.7 | 12.04 | <2.7.3-0ubuntu3.15 | 2.7.3-0ubuntu3.15 |
ubuntu/python2.7-minimal | 12.04 | <2.7.3-0ubuntu3.15 | 2.7.3-0ubuntu3.15 |

The vulnerability ID of this advisory is USN-4151-2.
Python packages earlier than 2.7.6-8ubuntu0.6+esm3 and 3.4.3-1ubuntu1~14.04.7+esm4 on Ubuntu 14.04, and earlier than 2.7.3-0ubuntu3.15 on Ubuntu 12.04, are affected by this vulnerability.
The severity of USN-4151-2 is not mentioned in the advisory.
The remedy for this vulnerability is to update the Python packages to the fixed versions: 2.7.6-8ubuntu0.6+esm3 or 3.4.3-1ubuntu1~14.04.7+esm4 on Ubuntu 14.04, and 2.7.3-0ubuntu3.15 on Ubuntu 12.04.
You can find more information about this vulnerability in the following references: [CVE-2019-16056](https://ubuntu.com/security/CVE-2019-16056), [CVE-2019-16935](https://ubuntu.com/security/CVE-2019-16935), [USN-4151-1](https://ubuntu.com/security/notices/USN-4151-1).