
QSN-4151-1: python2.7, python3.5, python3.6, python3.7 vulnerabilities

October 9, 2019

Summary

Several security issues were fixed in Python.

Details

It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)

It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)

References

https://usn.ubuntu.com/4151-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python2.7

If your installed version is earlier than 2.7.12-1ubuntu0~16.04.9, run the following:

$ sudo apt-get update
$ sudo apt-get install python2.7

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python2.7-minimal

If your installed version is earlier than 2.7.12-1ubuntu0~16.04.9, run the following:

$ sudo apt-get update
$ sudo apt-get install python2.7-minimal

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python3.5

If your installed version is earlier than 3.5.2-2ubuntu0~16.04.9, run the following:

$ sudo apt-get update
$ sudo apt-get install python3.5

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python3.5-minimal

If your installed version is earlier than 3.5.2-2ubuntu0~16.04.9, run the following:

$ sudo apt-get update
$ sudo apt-get install python3.5-minimal
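
The per-package checks above can be combined into one audit script. This is an added example, not part of the original advisory: it compares each installed version with the fixed version quoted on this page using dpkg --compare-versions. The function names and the sort -V fallback for hosts without dpkg are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the packages listed above.
# Package names and fixed versions are copied from this page.
FIXED_VERSIONS='python2.7 2.7.12-1ubuntu0~16.04.9
python2.7-minimal 2.7.12-1ubuntu0~16.04.9
python3.5 3.5.2-2ubuntu0~16.04.9
python3.5-minimal 3.5.2-2ubuntu0~16.04.9'

# version_lt A B: succeed when version A sorts strictly before version B.
# A plain string comparison is wrong here (it would put ...16.04.10 before
# ...16.04.9), so use dpkg's own ordering.
version_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Assumption: on a host without dpkg, GNU "sort -V" is close enough
        # for the version strings in this advisory.
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# installed_version PKG: print the version only if PKG is fully installed.
installed_version() {
    dpkg-query -W -f='${Status} ${Version}\n' "$1" 2>/dev/null |
        sed -n 's/^[a-z]* ok installed //p'
}

# classify INSTALLED FIXED: print not-installed, needs-update or ok.
classify() {
    if [ -z "$1" ]; then
        echo not-installed
    elif version_lt "$1" "$2"; then
        echo needs-update
    else
        echo ok
    fi
}

# audit: one report line per package in FIXED_VERSIONS.
audit() {
    echo "$FIXED_VERSIONS" | while read -r pkg fixed; do
        have=$(installed_version "$pkg")
        printf '%-18s %-13s installed=%s fixed=%s\n' "$pkg" \
            "$(classify "$have" "$fixed")" "${have:-none}" "$fixed"
    done
}

audit
```

Any package reported as needs-update should be upgraded with the apt-get commands shown above.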

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.