CVE-2010-3493

Publication date 19 October 2010

Last updated 24 July 2024


Ubuntu priority

Negligible

Why this priority?

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

Read the notes from the security team

Status

Package Ubuntu Release Status
python2.4 12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy
Fixed 2.4.5-1ubuntu4.4
6.06 LTS dapper Ignored end of life
python2.5 12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy
Fixed 2.5.2-2ubuntu6.2
6.06 LTS dapper Ignored end of life
python2.6 12.04 LTS precise Not in release
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Fixed 2.6.5-1ubuntu6.1
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
python2.7 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
python3.1 12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Fixed 3.1.2-0ubuntu3.1
9.10 karmic Ignored end of life
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
python3.2 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes


jdstrand

python3.1 on Ubuntu 10.10 has additional patches on top of 3.1.2, including a fix for this issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
python2.4
python2.5
python2.6
python3.1

References

Related Ubuntu Security Notices (USN)

    • USN-1613-1
    • Python 2.5 vulnerabilities
    • 17 October 2012
    • USN-1314-1
    • Python 3 vulnerabilities
    • 19 December 2011
    • USN-1613-2
    • Python 2.4 vulnerabilities
    • 17 October 2012
    • USN-1596-1
    • Python 2.6 vulnerabilities
    • 4 October 2012

Other references