USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for
python3.5 in Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)
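
A defense-in-depth check for the header injection issue (CVE-2024-6923) described above, as an added example that is not part of the advisory or of the packaged fix: application code rejects CR, LF and NUL in untrusted header fields, then re-parses the serialized message to confirm that no unexpected header appeared. The function names and sample addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Characters that must never appear in a header field taken from untrusted input.
FORBIDDEN = ("\r", "\n", "\x00")


def check_header(name, value):
    """Raise ValueError if a header name or value could break out of its line."""
    if not name or any(c in name for c in FORBIDDEN + (":", " ")):
        raise ValueError("illegal header name: %r" % name)
    if any(c in value for c in FORBIDDEN):
        raise ValueError("illegal characters in %s header value" % name)


def build_message(headers, body):
    """Build an EmailMessage from (name, value) pairs, validating each pair first."""
    msg = EmailMessage()
    for name, value in headers:
        check_header(name, value)
        msg[name] = value
    msg.set_content(body)
    return msg


def serialize_verified(msg):
    """Serialize msg, re-parse the bytes, and confirm the header names on the
    wire are exactly the ones that were set. An extra header means the
    serializer emitted something the application never asked for."""
    wire = msg.as_bytes()
    reparsed = message_from_bytes(wire, policy=policy.default)
    before = sorted(k.lower() for k in msg.keys())
    after = sorted(k.lower() for k in reparsed.keys())
    if before != after:
        raise ValueError("serialized headers differ from intended headers")
    return wire


if __name__ == "__main__":
    # Constructed sample input, not taken from the advisory.
    clean = [("From", "alice@example.com"), ("To", "bob@example.com"),
             ("Subject", "Status")]
    print(serialize_verified(build_message(clean, "hello\n")).decode())
    try:
        build_message([("Subject", "Status\r\nX-Injected: 1")], "hello\n")
    except ValueError as exc:
        print("rejected:", exc)
```

This guard complements the package update and does not replace it.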