Python 2.7 vulnerabilities

2013-10-01T00:00:00
ID USN-1983-1
Type ubuntu
Reporter Ubuntu
Modified 2013-10-01T00:00:00

Description

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099)

Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238)