
130 matches found

Veracode
added 2019/01/15 8:51 a.m., 34 views

Man-in-the-Middle (MitM)

Python is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because the ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

CVSS 5.9, AI score 9, EPSS 0.01855
Exploits 5, References 27, Affected Software 1
FreeBSD
added 2019/01/15 12:0 a.m., 45 views

Python -- NULL pointer dereference vulnerability

Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...

CVSS 7.5, AI score 1.6, EPSS 0.05355
Exploits 1, References 2
RedHat Linux
added 2017/12/15 10:34 p.m., 2 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8, AI score 7.3, EPSS 0.30773
Exploits 0, References 6
RedHat Linux
added 2017/11/13 5:35 p.m., 3 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8, AI score 7.3, EPSS 0.30773
Exploits 0, References 6
Oracle linux
added 2017/08/07 12:0 a.m., 61 views

python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.make_archive...

CVSS 10, AI score 0.8, EPSS 0.45123
Exploits 8
Broadcom
added 2017/01/03 12:0 a.m., 6 views

BSA-2017-105

Security Advisory ID : BSA-2017-105 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attacker...

CVSS 7.5, AI score 7.6, EPSS 0.27575
Exploits 0
CNVD
added 2016/04/22 12:0 a.m., 1 views

Oracle Fusion Middleware HTTP Server Component Data Read Vulnerability

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle (United States). Oracle HTTP Server is one of its components, a web server based on open-source Apache technology. A data read vulnerability exists...

CVSS 3.7, AI score 6.8, EPSS 0.00253
Exploits 0, References 1
Tenable Nessus
added 2015/12/30 12:0 a.m., 66 views

VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)

The remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function readstatus in library httplib and in function readline in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these...

CVSS 6.4, AI score 7.2, EPSS 0.01382
Exploits 3, References 8
Oracle linux
added 2015/11/23 12:0 a.m., 62 views

python security, bug fix, and enhancement update

2.7.5-34.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-34 - Revert fix for rhbz1117751 as it leads to regressions Resolves: rhbz1117751 2.7.5-33 - Only restore SIGPIPE when Popen called with restoresigpipe Resolves: rhbz1117751 2.7.5-32 - Backport SSLSocket.version...

CVSS 7.5, AI score 0.3, EPSS 0.07232
Exploits 8
OpenVAS
added 2015/09/08 12:0 a.m., 37 views

Amazon Linux: Security Advisory (ALAS-2015-521)

The remote host is missing an update for the...

CVSS 4.3, AI score 6.6, EPSS 0.02979
Exploits 0, References 2
OpenVAS
added 2015/09/08 12:0 a.m., 36 views

Amazon Linux: Security Advisory (ALAS-2013-220)

The remote host is missing an update for the...

CVSS 4.3, AI score 6.9, EPSS 0.01382
Exploits 1, References 2
Tenable Nessus
added 2015/08/06 12:0 a.m., 44 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)

This update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 PEP466 - HTTPS certificate validation enabled by default PEP476 - SSLv3...

CVSS 9.8, AI score 7.4, EPSS 0.07232
Exploits 7, References 13
Amazon
added 2015/05/05 12:0 a.m., 59 views

Low: python-tornado

Issue Overview: A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate suc...

CVSS 4.3, AI score 6.8, EPSS 0.02979
Exploits 0
Tenable Nessus
added 2015/01/14 12:0 a.m., 43 views

RHEL 6 : cloud-init (RHSA-2015:0042)

Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...

CVSS 4.3, AI score 7.2, EPSS 0.02979
Exploits 0, References 3
Tenable Nessus
added 2014/11/12 12:0 a.m., 37 views

CentOS 6 : python (CESA-2013:1582)

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 4.3, AI score 7.3, EPSS 0.01382
Exploits 1, References 2
RedHat Linux
added 2014/09/18 6:23 p.m., 42 views

Low: Red Hat Security Advisory: Red Hat Storage 2.1 security, bug fix, and enhancement update

Updated glusterfs, geo-replication, and native client packages that fix one security issue, several bugs, and add an enhancement are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...

CVSS 4.3, AI score 6.5, EPSS 0.02979
Exploits 0, References 8
RedHat Linux
added 2014/09/10 1:9 p.m., 1 views

python: wildcard matching rules do not follow RFC 6125

Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC...

CVSS 5.9, AI score 6.7, EPSS 0.00358
Exploits 0, References 4
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass

No description provided by source...

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/03/07 12:0 a.m., 39 views

SuSE 11.3 Security Update : python (SAT Patch Number 8892)

This update for Python fixes the following security issues : - SSL module does not handle certificates that contain hostnames with NULL bytes. CVE-2013-4238. bnc834601 - Various stdlib read flaws. CVE-2013-1752 Additionally, the following non-security issues have been fixed:. bnc856836 - Turn off...

CVSS 6.8, AI score 7.3, EPSS 0.02834
Exploits 1, References 10
seebug.org
added 2013/12/30 12:0 a.m., 133 views

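Multiple security vulnerabilities in Python

CVE ID: CVE-2013-1752, CVE-2013-4238. Python is an open-source scripting language. Python contains multiple security vulnerabilities that allow remote attackers to carry out spoofing attacks and denial-of-service attacks. 1. The Python SSL module does not correctly handle null bytes in the "subjectAltNames" common name of a server's SSL certificate, which allows an attacker to spoof a server through a man-in-the-middle attack and obtain sensitive information. 2. Unrestricted calls to "readline" in Lib/httplib.py can consume large amounts of memory, causing a denial of service. 3. Unrestricted calls to "readline" in Lib/ftplib.py can consume large amounts of memory, causing a denial of service...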

CVSS 4.3, AI score 8.3, EPSS 0.01382
Exploits 1