Python 3.1 Vulnerabilities Fixed in Ubuntu 11.10 and Ubuntu 10.04 LTS

On October 24, in a security notice Canonical published details about Python 3.1 vulnerabilities for its Ubuntu 11.04 and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in Python 3.1. It was discovered that Python would prepend an empty string to sys.path under certain circumstances, that distutils contained a race condition when creating the ~/.pypirc file, and it was susceptible to hash algorithm attacks

A local attacker could have exploited these problems in order to execute arbitrary code, to cause a denial of service via application crash, obtain sensitive information, and cause denial of service via memory corruption.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest python3.1 and python3.1-minimal packages, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.