848 matches found
CLSA-2023-1697739575 python3: Fix of 4 CVEs
CVE-2021-3737: Fix http client infinite line reading DoS after a HTTP 100 Continue - CVE-2021-28861: Fix an open redirection vulnerability in http.server - CVE-2022-0391: Make urllib.parse sanitize urls containing ASCII newline and tabs - CVE-2022-45061: Fix quadratic time idna decoding...
USN-6400-1 python2.7, python3.5 vulnerability
It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...
SUSE-SU-2023:3804-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692)...
Medium: python38
Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16,...
USN-6354-1 python2.7, python3.5 vulnerability
It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure...
Important: python3.9
Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...
UBUNTU-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
CLSA-2023-1689885583 python3: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...
SUSE CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c...
SUSE-SU-2023:0868-2 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to...
Important: python3.9
Issue Overview: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machi...
USN-5960-1 python2.7, python3.10, python3.5, python3.6, python3.8 vulnerability
Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters...
SUSE CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...
SUSE CVE-2013-2099
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...
OESA-2023-1045 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
SUSE-SU-2022:4258-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244)...
CLSA-2022-1669238513 python3: Fix of CVE-2022-45061
CVE-2022-45061: Fix quadratic time idna decoding...
SUSE-SU-2022:2357-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511)...
SUSE-SU-2022:2166-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511)...
MGASA-2022-0029 Updated python-celery packages fix security vulnerability
Stored Command Injection (CVE-2021-23727). Also fixes unfulfilled python3.8dist(billiard) installing python-celery...