USN-359-1: Python vulnerability

6 October 2006

python2.3, python2.4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description


Benjamin C. Wiley Sittler discovered that Python’s repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
python2.3-dbg - 2.3.5-9ubuntu1.2
python2.4-minimal - 2.4.3-0ubuntu6
Ubuntu 5.10
python2.3 - 2.3.5-8ubuntu0.2
python2.4-minimal - 2.4.2-1ubuntu0.2
Ubuntu 5.04
python2.3 - 2.3.5-2ubuntu0.3
python2.4-minimal - 2.4.1-0ubuntu0.2

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes.