========================================================================== Ubuntu Security Notice USN-3817-2 November 15, 2018 python2.7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Python. Software Description: - python2.7: An interactive high-level object-oriented language Details: USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat's hash salt. A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: python2.7 2.7.3-0ubuntu3.11 python2.7-minimal 2.7.3-0ubuntu3.11 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3817-2 https://usn.ubuntu.com/usn/usn-3817-1 CVE-2018-1000030, CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647