Ubuntu Update For Python3.3 USN-1985-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238)

Affected

python3.3 on Ubuntu 13.04 , Ubuntu 12.10

Severity

Classification

CVE CVE-2013-2099, CVE-2013-4238
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for apache2 USN-2152-1
Ubuntu Update for apache2 USN-1903-1
Ubuntu Update for dbus USN-1176-1
Ubuntu Update for boost vulnerabilities USN-570-1
Ubuntu Update for aptdaemon USN-1414-1

Ubuntu Update for python3.3 USN-1985-1

Take action and discover your vulnerabilities