Ubuntu Security Notice 1613-2 - USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. Various other issues were also addressed.
03c1d61f1a7fd46df33c2cd303dd9df766d417bf63c2774bc68e006f265282de
Ubuntu Security Notice 1613-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.
c13b76291797c5dc6f6323302b6fdfb272dd24cd1b617c855c76a194beaf1ed9
Ubuntu Security Notice 1596-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.
c495413874c5d26f485eefb38fa84c7fd4732958d09a9fc3895bb38badc75820
Ubuntu Security Notice 1592-1 - Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
165afa6d34f225319c4c04de9f89e067f082131a627aa45b978829b0872fee6a
VMware Security Advisory 2012-0001 - VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.
e35a8f609b986bb8b2fc490b895224847eba088cf1f87974f9bc5820e0c3c589
Ubuntu Security Notice 1314-1 - Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. Niels Heinen discovered that the urllib module in Python 3 would process Location headers that specify a file:// URL. A remote attacker could use this to obtain sensitive information or cause a denial of service via resource consumption. Various other issues were also addressed.
9d0bdcadae2291159af229197e983a064ffa1f479de8c8553242e7cc5b46c010
Mandriva Linux Security Advisory 2011-096 - The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / character at the beginning of the URI. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
cfd8400b472c9d81ba72ff0351d1a79213014f8039daa39730e7a98053e3d81e