A regression has been identified in the python2.6 update of DLA-25-1,
which may cause python applications to abort if they were running during
the upgrade but they had not already imported the ‘os’ module, and do so
after the upgrade. This update fixes this upgrade scenario.

For reference, the original advisory text follows.

Multiple vulnerabilities were discovered in python2.6. The more
relevant are:

CVE-2013-4238
Incorrect handling of NUL bytes in certificate hostnames may allow
server spoofing via specially-crafted certificates signed by
a trusted Certification Authority.
CVE-2014-1912
Buffer overflow in socket.recvfrom_into leading to application
crash and possibly code execution.

For Debian 6 Squeeze, these issues have been fixed in python2.6 version 2.6.6-8+deb6u2

CPENameOperatorVersion
python2.6eq2.6.6-8

CPE	Name	Operator	Version
	python2.6	eq	2.6.6-8

References

www.debian.org/lts/security/2014/dla-25

osv 3

nessus 56

debian 2

openvas 62

zdt 1

seebug 3

exploitpack 1

fedora 12

securityvulns 6

cve 3

ubuntu 5

debiancve 2

freebsd 1

amazon 4

prion 3

ubuntucve 2

oraclelinux 3

redhat 4

centos 2

exploitdb 1

mageia 3

f5 3

veracode 6

ibm 4

gentoo 1

vmware 2

suse 1

rosalinux 1

oracle 1

osv

python2.7 - security update

2014-03-17 00:00:00

python2.6 - regression update

2014-07-31 00:00:00

python2.6 - security update

2014-07-31 00:00:00

nessus

Debian DSA-2880-1 : python2.7 - security update

2014-03-18 00:00:00

openSUSE Security Update : python (openSUSE-SU-2014:0380-1)

2014-06-13 00:00:00

Mandriva Linux Security Advisory : python (MDVSA-2014:041)

2014-02-20 00:00:00

debian

[SECURITY] [DSA 2880-1] python2.7 security update

2014-03-17 18:07:37

[DLA 25-1] python2.6 security update

2014-07-31 21:07:32

openvas

Debian: Security Advisory (DSA-2880-1)

2014-03-16 00:00:00

Debian Security Advisory DSA 2880-1 (python2.7 - security update)

2014-03-17 00:00:00

SUSE: Security Advisory (SUSE-SU-2014:1006-1)

2021-06-09 00:00:00

zdt

Python socket.recvfrom_into() remote buffer overflow exploit

2014-02-23 00:00:00

seebug

Python "sock_recvfrom_into()" 缓冲区溢出漏洞

2014-02-25 00:00:00

Python socket.recvfrom_into() - Remote Buffer Overflow

2014-07-01 00:00:00

Python多个安全漏洞

2013-12-30 00:00:00

exploitpack

Python - socket.recvfrom_into() Remote Buffer Overflow

2014-02-24 00:00:00

fedora

[SECURITY] Fedora 20 Update: python-2.7.5-10.fc20

2014-02-14 07:51:33

[SECURITY] Fedora 20 Update: python3-3.3.2-9.fc20

2014-02-15 07:05:19

[SECURITY] Fedora 19 Update: python-2.7.5-4.fc19

2013-08-24 22:27:19

securityvulns

[ MDVSA-2014:041 ] python

2014-03-03 00:00:00

Python buffer overflow

2014-03-03 00:00:00

Python SSL certificate check bypass

2013-10-02 00:00:00

cve

CVE-2014-1912

2014-03-01 00:55:00

CVE-2013-4238

2013-08-18 02:52:00

CVE-2013-4328

2013-08-27 03:34:00

ubuntu

Python vulnerability

2014-03-03 00:00:00

Python 2.6 vulnerability

2013-10-01 00:00:00

Python 2.7 vulnerabilities

2013-10-01 00:00:00

debiancve

CVE-2014-1912

2014-03-01 00:55:00

CVE-2013-4238

2013-08-18 02:52:00

freebsd

Python -- buffer overflow in socket.recvfrom_into()

2014-01-14 00:00:00

amazon

Medium: python27

2014-02-26 14:28:00

Medium: python26

2014-02-26 14:28:00

Medium: python27

2013-09-04 13:31:00

prion

Buffer overflow

2014-03-01 00:55:00

Design/Logic Flaw

2013-08-18 02:52:00

Design/Logic Flaw

2013-08-27 03:34:00

ubuntucve

CVE-2014-1912

2014-02-21 00:00:00

CVE-2013-4238

2013-08-17 00:00:00

oraclelinux

python security, bug fix, and enhancement update

2013-11-26 00:00:00

python security, bug fix, and enhancement update

2015-07-28 00:00:00

python27 security, bug fix, and enhancement update

2016-02-04 00:00:00

redhat

(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update

2013-11-21 00:00:00

(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update

2015-07-22 00:00:00

(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update

2015-06-04 00:00:00

centos

python, tkinter security update

2013-11-26 13:32:42

python, tkinter security update

2015-07-26 14:11:19

exploitdb

Python - 'socket.recvfrom_into()' Remote Buffer Overflow

2014-02-24 00:00:00

mageia

Updated python & python3 packages fix multiple vulnerabilities

2014-02-20 01:24:08

Updated python3, bzr and some python packages fix security vulnerabilties

2013-08-22 21:58:14

Updated python packages fix CVE-2013-4328 and pip

2013-08-17 12:43:24

K93278412 : Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650

2017-07-21 00:00:00

SOL15638 - Python vulnerability CVE-2013-4238

2014-09-29 00:00:00

K15638 : Python vulnerability CVE-2013-4238

2014-10-17 00:00:00

veracode

Man-in-the-Middle (MitM)

2019-01-15 08:51:35

Improper Input Validation

2019-05-02 05:39:24

Improper Input Validation

2019-05-02 05:39:24

ibm

Security Bulletin: Python vulnerabilities affect IBM SmartCloud Entry (CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185)

2020-07-19 00:49:12

Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System

2020-05-06 11:57:04

Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.

2018-06-16 22:01:04

gentoo

Python: Multiple vulnerabilities

2015-03-18 00:00:00

vmware

VMware vSphere product updates address security vulnerabilities

2014-12-04 00:00:00

VMware vSphere product updates address security vulnerabilities

2014-12-04 00:00:00

suse

Security update for python3 (important)

2020-01-21 00:00:00

rosalinux

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

oracle

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DLA-25-3