[SECURITY] [DLA 1889-1] python3.4 security update

2019-08-1717:55:32

lists.debian.org

291

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Package : python3.4
Version : 3.4.2-1+deb8u6
CVE ID : CVE-2018-20852

A vulnerability has been discovered in Python, an interactive high-level
object-oriented language, that is relevant for cookie handling.
By using a malicious server an attacker might steal cookies that are
meant for other domains

For Debian 8 "Jessie", this problem has been fixed in version
3.4.2-1+deb8u6.

We recommend that you upgrade your python3.4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armellibpython2.7-dev< 2.7.13-2+deb9u4libpython2.7-dev_2.7.13-2+deb9u4_armel.deb
Debian9i386libpython3.5< 3.5.3-1+deb9u2libpython3.5_3.5.3-1+deb9u2_i386.deb
Debian8armhfpython3.4-dev< 3.4.2-1+deb8u6python3.4-dev_3.4.2-1+deb8u6_armhf.deb
Debian8armhflibpython3.4< 3.4.2-1+deb8u6libpython3.4_3.4.2-1+deb8u6_armhf.deb
Debian8amd64python2.7-dbg< 2.7.9-2+deb8u4python2.7-dbg_2.7.9-2+deb8u4_amd64.deb
Debian9i386python3.5-venv< 3.5.3-1+deb9u2python3.5-venv_3.5.3-1+deb9u2_i386.deb
Debian8armelpython3.4-venv< 3.4.2-1+deb8u6python3.4-venv_3.4.2-1+deb8u6_armel.deb
Debian10armellibpython2.7-minimal< 2.7.16-2+deb10u1libpython2.7-minimal_2.7.16-2+deb10u1_armel.deb
Debian9amd64libpython3.5-dev< 3.5.3-1+deb9u2libpython3.5-dev_3.5.3-1+deb9u2_amd64.deb
Debian9arm64libpython3.5-minimal< 3.5.3-1+deb9u2libpython3.5-minimal_3.5.3-1+deb9u2_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libpython2.7-dev	< 2.7.13-2+deb9u4	libpython2.7-dev_2.7.13-2+deb9u4_armel.deb
Debian	9	i386	libpython3.5	< 3.5.3-1+deb9u2	libpython3.5_3.5.3-1+deb9u2_i386.deb
Debian	8	armhf	python3.4-dev	< 3.4.2-1+deb8u6	python3.4-dev_3.4.2-1+deb8u6_armhf.deb
Debian	8	armhf	libpython3.4	< 3.4.2-1+deb8u6	libpython3.4_3.4.2-1+deb8u6_armhf.deb
Debian	8	amd64	python2.7-dbg	< 2.7.9-2+deb8u4	python2.7-dbg_2.7.9-2+deb8u4_amd64.deb
Debian	9	i386	python3.5-venv	< 3.5.3-1+deb9u2	python3.5-venv_3.5.3-1+deb9u2_i386.deb
Debian	8	armel	python3.4-venv	< 3.4.2-1+deb8u6	python3.4-venv_3.4.2-1+deb8u6_armel.deb
Debian	10	armel	libpython2.7-minimal	< 2.7.16-2+deb10u1	libpython2.7-minimal_2.7.16-2+deb10u1_armel.deb
Debian	9	amd64	libpython3.5-dev	< 3.5.3-1+deb9u2	libpython3.5-dev_3.5.3-1+deb9u2_amd64.deb
Debian	9	arm64	libpython3.5-minimal	< 3.5.3-1+deb9u2	libpython3.5-minimal_3.5.3-1+deb9u2_arm64.deb