CVE-2011-4944
Publication date 27 August 2012
Last updated 24 July 2024
Ubuntu priority
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Status
Package | Ubuntu Release | Status |
---|---|---|
python2.4 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy |
Fixed 2.4.5-1ubuntu4.4
|
|
python2.5 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy |
Fixed 2.5.2-2ubuntu6.2
|
|
python2.6 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric |
Fixed 2.6.7-4ubuntu1.1
|
|
11.04 natty |
Fixed 2.6.6-6ubuntu7.1
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 2.6.5-1ubuntu6.1
|
|
8.04 LTS hardy | Not in release | |
python2.7 | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Fixed 2.7.2-5ubuntu1.1
|
|
11.04 natty |
Fixed 2.7.1-5ubuntu2.2
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release | |
python3.1 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty |
Fixed 3.1.3-1ubuntu1.2
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 3.1.2-0ubuntu3.2
|
|
8.04 LTS hardy | Not in release | |
python3.2 | 13.04 raring | Not in release |
12.10 quantal |
Fixed 3.2.3-6ubuntu3.1
|
|
12.04 LTS precise |
Fixed 3.2.3-0ubuntu3.2
|
|
11.10 oneiric |
Fixed 3.2.2-0ubuntu1.1
|
|
11.04 natty |
Fixed 3.2-1ubuntu1.2
|
|
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release | |
python3.3 | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
Patch details
Package | Patch details |
---|---|
python2.6 | |
python2.7 | |
python3.1 | |
python3.2 | |
python3.3 |
References
Related Ubuntu Security Notices (USN)
- USN-1613-1
- Python 2.5 vulnerabilities
- 17 October 2012
- USN-1592-1
- Python 2.7 vulnerabilities
- 2 October 2012
- USN-1613-2
- Python 2.4 vulnerabilities
- 17 October 2012
- USN-1616-1
- Python 3.1 vulnerabilities
- 24 October 2012
- USN-1615-1
- Python 3.2 vulnerabilities
- 23 October 2012
- USN-1596-1
- Python 2.6 vulnerabilities
- 4 October 2012