CVE-2011-1521

Published: 24 May 2011

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
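
The following Python 3 example is added here as an illustration and is not code from this tracker page or from the CPython patches it links. It shows a client-side guard for the behaviour described above: a redirect handler that refuses any Location target whose scheme is outside an allow-list, exercised against a local test server. The names `StrictRedirects`, `DemoServer`, `fetch` and `run_demo`, the allow-list, and the sample Location values are assumptions made for the example.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

ALLOWED = {"http", "https"}  # assumed policy for this example
REDIRECTS = {  # constructed Location values served by the demo server
    "/to-file": "file:///etc/passwd",
    "/to-ftp": "ftp://127.0.0.1:1/x",
    "/to-http": "/final",
}

class StrictRedirects(urllib.request.HTTPRedirectHandler):
    """Refuse redirects whose resolved target scheme is not in ALLOWED."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        scheme = urlsplit(newurl).scheme.lower()
        if scheme not in ALLOWED:
            raise urllib.error.HTTPError(
                newurl, code, "redirect to %s: refused" % scheme, headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)

class DemoServer(BaseHTTPRequestHandler):  # 302 for REDIRECTS, else 200
    def do_GET(self):
        target = REDIRECTS.get(self.path)
        self.send_response(302 if target else 200)
        if target:
            self.send_header("Location", target)
        self.end_headers()
        self.wfile.write(b"" if target else b"final")
    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(url):
    """Return ('ok', body) or ('blocked', reason) for one GET."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), StrictRedirects)
    try:
        with opener.open(url, timeout=5) as resp:
            return "ok", resp.read()
    except urllib.error.HTTPError as err:
        return "blocked", str(err.reason)

def run_demo():
    with HTTPServer(("127.0.0.1", 0), DemoServer) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        results = {path: fetch(base + path) for path in REDIRECTS}
        server.shutdown()
    return results
```

`run_demo()` returns a dict mapping each sample path to `('ok', body)` or `('blocked', reason)`; only `/to-http` is followed, and the file: target is never opened.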

Notes

Author: jdstrand
Note: also needs a testcase fix

Priority

Medium

Status

Package Release Status
python2.4
dapper Ignored (end of life)
hardy Released (2.4.5-1ubuntu4.4)
lucid Does not exist
maverick Does not exist
natty Does not exist
oneiric Does not exist
precise Does not exist
upstream Needs triage
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html

python2.5
dapper Does not exist
hardy Released (2.5.2-2ubuntu6.2)
lucid Does not exist
maverick Does not exist
natty Does not exist
oneiric Does not exist
precise Does not exist
upstream Needs triage
Patches:
upstream: http://hg.python.org/cpython/rev/dd852a0f92d6 (pt1)
upstream: http://hg.python.org/cpython/rev/ca3b117c40f3 (pt2)
upstream: http://hg.python.org/cpython/rev/9d06d5eb1a7e (pt3)
upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt4, backport from 2.6)

python2.6
dapper Does not exist
hardy Does not exist
lucid Released (2.6.5-1ubuntu6.1)
maverick Ignored (end of life)
natty Released (2.6.6-6ubuntu7.1)
oneiric Not vulnerable (2.6.7-4ubuntu1)
precise Does not exist
upstream Released (2.6.7)
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
upstream: http://hg.python.org/cpython/rev/9eeda8e3a13f/ (pt1)
upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt2)

python2.7
dapper Does not exist
hardy Does not exist
lucid Does not exist
maverick Ignored (end of life)
natty Released (2.7.1-5ubuntu2.2)
oneiric Not vulnerable (2.7.2~rc1-2)
precise Not vulnerable (2.7.2~rc1-2)
upstream Released (2.7.2)
Patches:
upstream: http://hg.python.org/cpython/rev/b2934d98dac1/ (pt1)
upstream: http://hg.python.org/cpython/rev/34d5d794ccc1 (pt2)

python3.1
dapper Does not exist
hardy Does not exist
lucid Released (3.1.2-0ubuntu3.1)
maverick Released (3.1.2+20100915-0ubuntu4.1)
natty Released (3.1.3-1ubuntu1.1)
oneiric Does not exist
precise Does not exist
upstream Released (3.1.4 rc1)
Patches:
upstream: http://hg.python.org/cpython/rev/5937d2119a20

python3.2
dapper Does not exist
hardy Does not exist
lucid Does not exist
maverick Does not exist
natty Released (3.2-1ubuntu1.1)
oneiric Not vulnerable (3.2.1~rc1-1)
precise Not vulnerable (3.2.1~rc1-1)
upstream Released (3.2.1)
Patches:
upstream: http://hg.python.org/cpython/rev/968bca2cab60