{"id":"USN-2653-1","summary":"python2.7, python3.2, python3.4 vulnerabilities","details":"It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp, http,\nimap, nntp, pop or smtp server could use this issue to cause a denial of\nservice. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking\ngzip-compressed HTTP bodies. A malicious server could use this issue to\ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain\nargument. An attacker could possibly use this issue to read arbitrary\nmemory and expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this issue\nto expose sensitive information, or possibly execute arbitrary code. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)\n","modified":"2026-04-22T09:14:11.976512Z","published":"2015-06-25T11:58:16Z","related":["UBUNTU-CVE-2013-1752","UBUNTU-CVE-2013-1753","UBUNTU-CVE-2014-4616","UBUNTU-CVE-2014-4650","UBUNTU-CVE-2014-7185"],"upstream":["CVE-2013-1752","CVE-2013-1753","CVE-2014-4616","CVE-2014-4650","CVE-2014-7185","UBUNTU-CVE-2013-1752","UBUNTU-CVE-2013-1753","UBUNTU-CVE-2014-4616","UBUNTU-CVE-2014-4650","UBUNTU-CVE-2014-7185"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2653-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1752"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1753"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4616"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4650"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7185"}],"affected":[{"package":{"name":"python2.7","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/python2.7@2.7.6-8ubuntu0.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-8ubuntu0.2"}]}],"versions":["2.7.5-8ubuntu3","2.7.5-8ubuntu4","2.7.6-2","2.7.6-2ubuntu1","2.7.6-3","2.7.6-3ubuntu1","2.7.6-4","2.7.6-4ubuntu1","2.7.6-5","2.7.6-7","2.7.6-8"],"ecosystem_specific":{"binaries":[{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"idle-python2.7"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"libpython2.7"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"libpython2.7-minimal"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"libpython2.7-stdlib"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"libpython2.7-testsuite"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"python2.7"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"python2.7-examples"},{"binary_version":"2.7.6-8ubuntu0.2","binary_name":"python2.7-minimal"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2013-1752","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2013-1753","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-4616","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2014-4650","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2014-7185","severity":[{"score":"low","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2653-1.json"}},{"package":{"name":"python3.4","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/python3.4@3.4.0-2ubuntu1.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.0-2ubuntu1.1"}]}],"versions":["3.4~b1-0ubuntu3","3.4~b1-4ubuntu4","3.4~b1-4ubuntu6","3.4~b1-5ubuntu2","3.4~b2-1","3.4~b3-1ubuntu1","3.4~rc1-1build1","3.4~rc2-1","3.4~rc3-0ubuntu1","3.4.0-1","3.4.0-2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"idle-python3.4"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"libpython3.4"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"libpython3.4-minimal"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"libpython3.4-stdlib"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"libpython3.4-testsuite"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"python3.4"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"python3.4-examples"},{"binary_version":"3.4.0-2ubuntu1.1","binary_name":"python3.4-minimal"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2013-1752","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2013-1753","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-4616","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2014-4650","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2014-7185","severity":[{"score":"low","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2653-1.json"}}],"schema_version":"1.7.5"}