En

Ubuntu - Python vulnerability (2020-10-14)

来源:Ubuntu官网 发布日期:2020-10-14 阅读次数:3258 评论:0

基本信息

发布日期:2020-10-14(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2020-10-15 01:32:37

风险等级:未知

情报贡献:TSRC

更新标题

USN-4581-1: Python vulnerability

更新详情

python2.7, python3.4, python3.5, python3.6 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM
Summary
Python could be used to perform a CRLF injection if it received a specially crafted request.
Software Description
python2.7 - An interactive high-level object-oriented language
python3.6 - An interactive high-level object-oriented language
python3.5 - An interactive high-level object-oriented language
python3.4 - An interactive high-level object-oriented language
Details
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS
python2.7 - 2.7.17-1~18.04ubuntu1.2
python2.7-minimal - 2.7.17-1~18.04ubuntu1.2
python3.6 - 3.6.9-1~18.04ubuntu1.3
python3.6-minimal - 3.6.9-1~18.04ubuntu1.3
Ubuntu 16.04 LTS
python2.7 - 2.7.12-1ubuntu0~16.04.13
python2.7-minimal - 2.7.12-1ubuntu0~16.04.13
python3.5 - 3.5.2-2ubuntu0~16.04.12
python3.5-minimal - 3.5.2-2ubuntu0~16.04.12
Ubuntu 14.04 ESM
python2.7 - 2.7.6-8ubuntu0.6+esm7
python2.7-minimal - 2.7.6-8ubuntu0.6+esm7
python3.4 - 3.4.3-1ubuntu1~14.04.7+esm8
python3.4-minimal - 3.4.3-1ubuntu1~14.04.7+esm8
Ubuntu 12.04 ESM
python2.7 - 2.7.3-0ubuntu3.19
python2.7-minimal - 2.7.3-0ubuntu3.19
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
CVE-2020-26116
]]>

软件描述

Ubuntu是一个以桌面应用为主的Linux操作系统

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入