CVE-2012-2135
Publication date 14 August 2012
Last updated 24 July 2024
Ubuntu priority
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
Status
Package | Ubuntu Release | Status |
---|---|---|
python3.1 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty |
Fixed 3.1.3-1ubuntu1.2
|
|
10.04 LTS lucid |
Fixed 3.1.2-0ubuntu3.2
|
|
8.04 LTS hardy | Not in release | |
python3.2 | 13.04 raring | Not in release |
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Fixed 3.2.3-0ubuntu3.2
|
|
11.10 oneiric |
Fixed 3.2.2-0ubuntu1.1
|
|
11.04 natty |
Fixed 3.2-1ubuntu1.2
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release | |
python3.3 | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
Patch details
Package | Patch details |
---|---|
python3.1 | |
python3.2 | |
python3.3 |
References
Related Ubuntu Security Notices (USN)
- USN-1616-1
- Python 3.1 vulnerabilities
- 24 October 2012
- USN-1615-1
- Python 3.2 vulnerabilities
- 23 October 2012