Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1982-1] Python 2.6 vulnerability (Marc Deslauriers)
2. [USN-1983-1] Python 2.7 vulnerabilities (Marc Deslauriers)
3. [USN-1984-1] Python 3.2 vulnerabilities (Marc Deslauriers)
4. [USN-1985-1] Python 3.3 vulnerabilities (Marc Deslauriers)
5. [USN-1986-1] Network Audio System (NAS) vulnerabilities
(Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Tue, 01 Oct 2013 11:24:46 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1982-1] Python 2.6 vulnerability
Message-ID: <524AE93E.9010204@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1982-1
October 01, 2013
python2.6 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software Description:
- python2.6: An interactive high-level object-oriented language
Details:
Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
python2.6 2.6.5-1ubuntu6.2
python2.6-minimal 2.6.5-1ubuntu6.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1982-1
CVE-2013-4238
Package Information:
https://launchpad.net/ubuntu/+source/python2.6/2.6.5-1ubuntu6.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20131001/9e9f3dff/attachment-0001.pgp>
------------------------------
Message: 2
Date: Tue, 01 Oct 2013 11:25:09 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1983-1] Python 2.7 vulnerabilities
Message-ID: <524AE955.2020603@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1983-1
October 01, 2013
python2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
Florian Weimer discovered that Python incorrectly handled matching multiple
wildcards in ssl certificate hostnames. An attacker could exploit this to
cause Python to consume resources, resulting in a denial of service. This
issue only affected Ubuntu 13.04. (CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2013-4238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
python2.7 2.7.4-2ubuntu3.2
python2.7-minimal 2.7.4-2ubuntu3.2
Ubuntu 12.10:
python2.7 2.7.3-5ubuntu4.3
python2.7-minimal 2.7.3-5ubuntu4.3
Ubuntu 12.04 LTS:
python2.7 2.7.3-0ubuntu3.4
python2.7-minimal 2.7.3-0ubuntu3.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1983-1
CVE-2013-2099, CVE-2013-4238
Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.4-2ubuntu3.2
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-5ubuntu4.3
https://launchpad.net/ubuntu/+source/python2.7/2.7.3-0ubuntu3.4
------------------------------
Message: 3
Date: Tue, 01 Oct 2013 11:25:26 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1984-1] Python 3.2 vulnerabilities
Message-ID: <524AE966.7050603@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1984-1
October 01, 2013
python3.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.2: An interactive high-level object-oriented language
Details:
Florian Weimer discovered that Python incorrectly handled matching multiple
wildcards in ssl certificate hostnames. An attacker could exploit this to
cause Python to consume resources, resulting in a denial of service.
(CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2013-4238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python3.2 3.2.3-6ubuntu3.4
python3.2-minimal 3.2.3-6ubuntu3.4
Ubuntu 12.04 LTS:
python3.2 3.2.3-0ubuntu3.5
python3.2-minimal 3.2.3-0ubuntu3.5
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1984-1
CVE-2013-2099, CVE-2013-4238
Package Information:
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-6ubuntu3.4
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-0ubuntu3.5
------------------------------
Message: 4
Date: Tue, 01 Oct 2013 11:42:32 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1985-1] Python 3.3 vulnerabilities
Message-ID: <524AED68.3090703@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1985-1
October 01, 2013
python3.3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.3: An interactive high-level object-oriented language
Details:
Florian Weimer discovered that Python incorrectly handled matching multiple
wildcards in ssl certificate hostnames. An attacker could exploit this to
cause Python to consume resources, resulting in a denial of service.
(CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates
with NULL characters in the Subject Alternative Name field. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2013-4238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
python3.3 3.3.1-1ubuntu5.2
python3.3-minimal 3.3.1-1ubuntu5.2
Ubuntu 12.10:
python3.3 3.3.0-1ubuntu0.1
python3.3-minimal 3.3.0-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1985-1
CVE-2013-2099, CVE-2013-4238
Package Information:
https://launchpad.net/ubuntu/+source/python3.3/3.3.1-1ubuntu5.2
https://launchpad.net/ubuntu/+source/python3.3/3.3.0-1ubuntu0.1
------------------------------
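Added example, not part of the advisories above and not code from Python's ssl module: a sketch of a hostname check that fails closed on the two certificate-name problems described in USN-1983-1 through USN-1985-1 (NUL characters in a Subject Alternative Name, and patterns with multiple wildcards). The function names, the one-wildcard limit and the sample hostnames are assumptions made for illustration.

```python
MAX_WILDCARDS = 1  # assumption of this sketch: at most one '*' per dNSName


def as_c_string(name):
    """What a NUL-terminated (C string) consumer would see of this value."""
    return name.split("\x00", 1)[0]


def is_well_formed(name):
    """Reject dNSName values that a strict verifier should never match against."""
    if "\x00" in name:
        # The certificate's name and its C-string view differ (CVE-2013-4238 class).
        return False
    if name.count("*") > MAX_WILDCARDS:
        # Bound the matching work done per pattern (CVE-2013-2099 class).
        return False
    return 0 < len(name) <= 253


def matches(pattern, hostname):
    """Match one pattern; '*' is honoured only as the entire left-most label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard stands for exactly one non-empty label and never
        # covers a bare "*.tld" pattern.
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial-label wildcards are not supported here
    return p_labels == h_labels


def check_hostname(san_dns_names, hostname):
    """True if hostname is covered by the SAN dNSName list.

    Raises ValueError on any malformed entry so the caller aborts the
    connection instead of matching against a truncated or costly pattern.
    """
    for name in san_dns_names:
        if not is_well_formed(name):
            raise ValueError("malformed dNSName in certificate: %r" % (name,))
    return any(matches(name, hostname) for name in san_dns_names)
```
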
Message: 5
Date: Tue, 01 Oct 2013 13:41:24 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1986-1] Network Audio System (NAS) vulnerabilities
Message-ID: <524B0944.9070507@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1986-1
October 01, 2013
nas vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Network Audio System (NAS).
Software Description:
- nas: Network Audio System
Details:
Hamid Zamani discovered multiple security issues in the Network Audio
System (NAS) server. An attacker could possibly use these issues to cause a
denial of service or execute arbitrary code. (CVE-2013-4256, CVE-2013-4257)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
nas 1.9.3-5ubuntu0.13.04.1
Ubuntu 12.10:
nas 1.9.3-5ubuntu0.12.10.1
Ubuntu 12.04 LTS:
nas 1.9.3-4ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1986-1
CVE-2013-4256, CVE-2013-4257
Package Information:
https://launchpad.net/ubuntu/+source/nas/1.9.3-5ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/nas/1.9.3-5ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nas/1.9.3-4ubuntu0.1
------------------------------
End of ubuntu-security-announce Digest, Vol 109, Issue 1
********************************************************