First published: Fri Nov 22 2024(Updated: )
USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-6232) It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. (CVE-2024-6923) It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-7592) It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service. (CVE-2024-8088)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python2.7 | <2.7.18-13ubuntu1.4 | 2.7.18-13ubuntu1.4 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/python2.7-minimal | <2.7.18-13ubuntu1.4 | 2.7.18-13ubuntu1.4 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/python2.7 | <2.7.18-1~20.04.6 | 2.7.18-1~20.04.6 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/python2.7-minimal | <2.7.18-1~20.04.6 | 2.7.18-1~20.04.6 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/python2.7 | <2.7.17-1~18.04ubuntu1.13+esm8 | 2.7.17-1~18.04ubuntu1.13+esm8 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/python2.7-minimal | <2.7.17-1~18.04ubuntu1.13+esm8 | 2.7.17-1~18.04ubuntu1.13+esm8 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/python2.7 | <2.7.12-1ubuntu0~16.04.18+esm13 | 2.7.12-1ubuntu0~16.04.18+esm13 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/python2.7-minimal | <2.7.12-1ubuntu0~16.04.18+esm13 | 2.7.12-1ubuntu0~16.04.18+esm13 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/python2.7 | <2.7.6-8ubuntu0.6+esm22 | 2.7.6-8ubuntu0.6+esm22 |
Ubuntu Ubuntu | =14.04 | |
All of | ||
ubuntu/python2.7-minimal | <2.7.6-8ubuntu0.6+esm22 | 2.7.6-8ubuntu0.6+esm22 |
Ubuntu Ubuntu | =14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.