[USN-2862-1] Pygments vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jan 7 14:02:30 UTC 2016

Ubuntu Security Notice USN-2862-1
January 07, 2016

pygments vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS


Pygments could be made to crash or run programs if it processed a specially
crafted font request.

Software Description:
- pygments: syntax highlighting package written in Python


It was discovered that Pygments incorrectly sanitized strings used to
search system fonts. An attacker could possibly use this issue to execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  python-pygments                 2.0.1+dfsg-1.1svn1.1
  python3-pygments                2.0.1+dfsg-1.1svn1.1

Ubuntu 15.04:
  python-pygments                 2.0.1+dfsg-1svn1.1
  python3-pygments                2.0.1+dfsg-1svn1.1

Ubuntu 14.04 LTS:
  python-pygments                 1.6+dfsg-1ubuntu1.1
  python3-pygments                1.6+dfsg-1ubuntu1.1

Ubuntu 12.04 LTS:
  python-pygments                 1.4+dfsg-2ubuntu0.1
  python3-pygments                1.4+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.
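
To confirm a host is at or above the fixed versions listed above, the installed version string (for example from `dpkg-query -W -f='${Version}' python-pygments`) can be compared using Debian version ordering. The following is an added example, not part of the original notice: the function names are illustrative, and the comparison is a reimplementation of dpkg's ordering rules rather than a call into dpkg itself.

```python
import re

# Fixed versions per Ubuntu release, copied from the table in this notice.
FIXED = {
    "15.10": "2.0.1+dfsg-1.1svn1.1",
    "15.04": "2.0.1+dfsg-1svn1.1",
    "14.04": "1.6+dfsg-1ubuntu1.1",
    "12.04": "1.4+dfsg-2ubuntu0.1",
}

def _order(s, i):
    """dpkg character weight: '~' < end-of-string/digit < letters < other."""
    if i >= len(s) or s[i].isdecimal():
        return 0
    if s[i] == "~":
        return -1
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character with dpkg weights.
        while (i < len(a) and not a[i].isdecimal()) or (j < len(b) and not b[j].isdecimal()):
            diff = _order(a, i) - _order(b, j)
            if diff:
                return diff
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
        i, j = i + len(na), j + len(nb)
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return <0, 0 or >0 when version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True when the installed version is at or above this notice's fixed version."""
    return deb_compare(installed, FIXED[release]) >= 0
```

For instance, `is_patched("14.04", "1.6+dfsg-1ubuntu1")` (a constructed installed version) returns `False`, since it sorts below the fixed `1.6+dfsg-1ubuntu1.1`.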


Package Information:
