PublicDateAtUSN: 2010-10-19
Candidate: CVE-2010-3493
PublicDate: 2010-10-19 20:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
 https://ubuntu.com/security/notices/USN-1314-1
 https://ubuntu.com/security/notices/USN-1596-1
 https://ubuntu.com/security/notices/USN-1613-1
 https://ubuntu.com/security/notices/USN-1613-2
Description:
 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
 service (daemon outage) by establishing and then immediately closing a TCP
 connection, leading to the accept function having an unexpected return
 value of None, an unexpected value of None for the address, or an
 ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function
 having an ENOTCONN error, a related issue to CVE-2010-3492.
Ubuntu-Description:
Notes:
 jdstrand> python3.1 on Ubuntu 10.10 has additional patches on top of 3.1.2,
  including a fix for this issue
Bugs:
 http://bugs.python.org/issue9129
Priority: negligible
Discovered-by: Giampaolo Rodola
Assigned-to: jdstrand
CVSS:

Patches_python3.2:
upstream_python3.2: released (3.2)
dapper_python3.2: DNE
hardy_python3.2: DNE
jaunty_python3.2: DNE
karmic_python3.2: DNE
lucid_python3.2: DNE
maverick_python3.2: DNE
natty_python3.2: not-affected (3.2-1ubuntu1)
oneiric_python3.2: not-affected
precise_python3.2: not-affected
devel_python3.2: not-affected

Patches_python2.7:
upstream_python2.7: released (2.7-1)
hardy_python2.7: DNE
lucid_python2.7: DNE
maverick_python2.7: not-affected (2.7-6)
natty_python2.7: not-affected
oneiric_python2.7: not-affected
precise_python2.7: not-affected
devel_python2.7: not-affected

Patches_python3.1:
 upstream: http://hg.python.org/cpython/rev/90bf2243552d/
upstream_python3.1: released (3.1.3-1)
dapper_python3.1: DNE
hardy_python3.1: DNE
jaunty_python3.1: DNE
karmic_python3.1: ignored (reached end-of-life)
lucid_python3.1: released (3.1.2-0ubuntu3.1)
maverick_python3.1: not-affected
natty_python3.1: not-affected (3.1.3-1ubuntu1)
oneiric_python3.1: DNE
precise_python3.1: DNE
devel_python3.1: DNE

Patches_python2.6:
 vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
 other: http://hg.python.org/cpython/rev/90bf2243552d/
upstream_python2.6: released (2.6.6-1)
dapper_python2.6: DNE
hardy_python2.6: DNE
jaunty_python2.6: DNE
karmic_python2.6: DNE
lucid_python2.6: released (2.6.5-1ubuntu6.1)
maverick_python2.6: not-affected (2.6.6-5ubuntu1)
natty_python2.6: not-affected
oneiric_python2.6: not-affected
precise_python2.6: DNE
devel_python2.6: DNE

Patches_python2.5:
 vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
upstream_python2.5: released (2.6.6-1)
dapper_python2.5: ignored (reached end-of-life)
hardy_python2.5: released (2.5.2-2ubuntu6.2)
jaunty_python2.5: DNE
karmic_python2.5: DNE
lucid_python2.5: DNE
maverick_python2.5: DNE
natty_python2.5: DNE
oneiric_python2.5: DNE
precise_python2.5: DNE
devel_python2.5: DNE

Patches_python2.4:
 vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
upstream_python2.4: released (2.6.6-1)
dapper_python2.4: ignored (reached end-of-life)
hardy_python2.4: released (2.4.5-1ubuntu4.4)
jaunty_python2.4: DNE
karmic_python2.4: DNE
lucid_python2.4: DNE
maverick_python2.4: DNE
natty_python2.4: DNE
oneiric_python2.4: DNE
precise_python2.4: DNE
devel_python2.4: DNE