python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

SUSE-SU-2019:0971-1 Security update for python3

This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization bsc1129346...

OPENSUSE-SU-2019:0329-1 Security update for obs-service-tar_scm

This update for obs-service-tarscm fixes the following issues: Security vulnerabilities addressed: - CVE-2018-12473: Fixed a path traversal issue, which allowed users to access files outside of the repository using relative paths bsc1105361 - CVE-2018-12474: Fixed an issue whereby crafted service...

UBUNTU-CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

USN-3496-3 python3.4, python3.5 vulnerability

USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

PT-2013-3541 · Python +1 · Python-Backports-Ssl Match Hostname +2

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.4 python-backports-ssl match hostname affected versions not specified Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by exploiting the ssl.match hostname...

(CGIHTTPServer): CGI script source code disclosure

The iscgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / slash character at the beginning of the URI...

Python: Memory corruption in audioop module

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service memory corruption and application crash via crafted arguments, as demonstrated by a call to...