Solution
Please Install the Updated Packages.
Insight
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099)
Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238)
Affected
python2.7 on Ubuntu 13.04 ,
Ubuntu 12.10 ,
Ubuntu 12.04 LTS
Severity
Classification
-
CVE CVE-2013-2099, CVE-2013-4238 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities