Lucene search

K
redhatRedHatRHSA-2022:6457
HistorySep 13, 2022 - 7:37 a.m.

(RHSA-2022:6457) Moderate: python3 security update

2022-09-1307:37:08
access.redhat.com
91
python3
security update
mailcap
urllib.parse
cve-2015-20107
cve-2022-0391
interpreted language
object-oriented
dynamic typing
system calls
libraries
windowing systems
cvss score
unix

CVSS2

8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:C/A:P

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

EPSS

0.002

Percentile

59.6%

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python(mailcap): findmatch() function does not sanitise the second argument (CVE-2015-20107)

  • python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS2

8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:C/A:P

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

EPSS

0.002

Percentile

59.6%