Python Updates for Debian 7 LTS
Posted on: 11/25/2017 06:38 AM

The following Python updates has been released for Debian GNU/Linux 7 LTS:

DLA 1189-1: python2.7 security update
DLA 1190-1: python2.6 security update
DLA 1191-1: python-werkzeug security update

DLA 1189-1: python2.7 security update
Package : python2.7
Version : 2.7.3-6+deb7u4
CVE ID : CVE-2017-1000158


A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution. The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.7.3-6+deb7u4.

We recommend that you upgrade your python2.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




DLA 1190-1: python2.6 security update
Package : python2.6
Version : 2.6.8-1.1+deb7u1
CVE ID : CVE-2017-1000158


A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution. The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.6.8-1.1+deb7u1.

We recommend that you upgrade your python2.6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




DLA 1191-1: python-werkzeug security update



Package : python-werkzeug
Version : 0.8.3+dfsg-1+deb7u1
CVE ID : CVE-2016-10516


A security issue that allows XSS on the Werkzeug debugger allows
remote attackers to inject arbitrary stuff via a field that
contains an exception message.


For Debian 7 "Wheezy", these problems have been fixed in version
0.8.3+dfsg-1+deb7u1.

We recommend that you upgrade your python-werkzeug packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS







Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/python_updates_for_debian_7_lts.html)