Hello Bernd, or anyone else affected,

Accepted python2.7 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: python2.7 (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-xenial

https://bugs.launchpad.net/bugs/1512068

Title:
  Python ctypes.util, Shell Injection in find_library()

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  Fix Committed

Bug description:
  https://github.com/Legrandin/ctypes/issues/1

  The find_library() function can execute code when special chars like ;|`<>$ are in the name. The "os.popen()" calls in the util.py script should be replaced with "subprocess.Popen()".

  Demo Exploits for Linux:
  ====================
  >>> from ctypes.util import find_library
  >>> find_library(";xeyes")       # runs xeyes
  >>> find_library("|xterm")       # runs terminal
  >>> find_library("&gimp")        # runs gimp
  >>> find_library("$(nautilus)")  # runs filemanager
  >>> find_library(">test")        # creates, and if exists, erases a file "test"

  ==== Traceback ====
  >>> find_library("`xmessage hello`")  # shows a message, press ctrl+c for Traceback
  ^CTraceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python3.4/ctypes/util.py", line 244, in find_library
      return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name))
    File "/usr/lib/python3.4/ctypes/util.py", line 99, in _findLib_gcc
      trace = f.read()
  KeyboardInterrupt

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: libpython2.7-stdlib 2.7.10-4ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
  Uname: Linux 4.2.0-16-generic x86_64
  ApportVersion: 2.19.1-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Sun Nov 1 10:34:38 2015
  InstallationDate: Installed on 2015-10-09 (22 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
  SourcePackage: python2.7
  UpgradeStatus: No upgrade log present (probably fresh install)
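The fix the report asks for, shown as an added example (Python 3, written for this note; it is neither the bug reporter's code nor CPython's ctypes/util.py): the library name is validated against the character set real sonames use, the external tool is run through subprocess with an argv list so no shell ever parses the name, and the result is picked out of the ldconfig listing with an anchored pattern. The function names, the gcc argv builder, the `runner` parameter and the ldconfig output are all assumptions constructed for this example so it runs offline.

```python
import re
import subprocess

# Characters that occur in real library names passed to find_library()
# ("c", "ssl", "stdc++", "gtk-3"); the shell metacharacters ; | & $ ` < >
# from the report are not among them, so they are rejected before any exec.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.+-]+$")


def is_safe_library_name(name):
    """True if the name contains nothing a shell would interpret."""
    return bool(_SAFE_NAME.match(name))


def gcc_probe_argv(name):
    """argv form of the linker probe: the name is one argument of gcc, so
    ';xeyes' is merely an unknown library, not a second command."""
    return ["gcc", "-Wl,-t", "-o", "/dev/null", "-l" + name]


def parse_ldconfig(output, name):
    """Find lib<name>.so[.N...] in 'ldconfig -p' output. The pattern is
    anchored so that 'ssl' matches libssl.so.1.0.0 but not libssl3.so."""
    pattern = re.compile(r"\s+(lib%s\.so(?:\.[0-9]+)*)\s+\(" % re.escape(name))
    match = pattern.search(output)
    return match.group(1) if match else None


def find_library_safe(name, runner=subprocess.run):
    """Hardened lookup: validate the name, run ldconfig without a shell, parse."""
    if not is_safe_library_name(name):
        raise ValueError("library name contains shell metacharacters: %r" % name)
    try:
        # argv list with shell=False (the default): nothing here reaches /bin/sh
        proc = runner(["/sbin/ldconfig", "-p"], capture_output=True, text=True)
    except OSError:
        return None
    return parse_ldconfig(proc.stdout, name)


# Constructed 'ldconfig -p' output (assumed, not captured from a real host).
CONSTRUCTED_LDCONFIG = (
    "3 libs found in cache `/etc/ld.so.cache'\n"
    "\tlibssl3.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl3.so\n"
    "\tlibssl.so.1.0.0 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.1.0.0\n"
    "\tlibc.so.6 (libc6,x86-64, OS ABI: Linux 3.2.0) => /lib/x86_64-linux-gnu/libc.so.6\n"
)


def fake_ldconfig(argv, **kwargs):
    """Stand-in for subprocess.run that returns the constructed cache listing."""
    return subprocess.CompletedProcess(argv, 0, stdout=CONSTRUCTED_LDCONFIG, stderr="")
```

With the real `subprocess.run` as `runner`, `find_library_safe("ssl")` consults the host's ldconfig cache; with `fake_ldconfig` it returns "libssl.so.1.0.0" from the constructed listing, and every name from the report's demo list raises ValueError instead of running anything.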