Lucene search

K
debianDebianDEBIAN:DLA-25-1:0FCA7
HistoryJul 31, 2014 - 9:07 p.m.

[DLA 25-1] python2.6 security update

2014-07-3121:07:32
lists.debian.org
15

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.2 High

AI Score

Confidence

Low

0.53 Medium

EPSS

Percentile

97.6%

Package : python2.6
Version : 2.6.6-8+deb6u1
CVE ID : CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944
CVE-2012-0845 CVE-2012-1150 CVE-2013-4238 CVE-2014-1912

Multiple vulnerabilities were discovered in python2.6. The more
relevant are:

CVE-2013-4238

Incorrect handling of NUL bytes in certificate hostnames may allow
server spoofing via specially-crafted certificates signed by
a trusted Certification Authority.

CVE-2014-1912

Buffer overflow in socket.recvfrom_into leading to application
crash and possibly code execution.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.2 High

AI Score

Confidence

Low

0.53 Medium

EPSS

Percentile

97.6%