1063 matches found
RedHat Update for python RHSA-2016:1626-01
The remote host is missing an update for the...
RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Oracle Linux 6 / 7 : python (ELSA-2016-1626)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1626 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359161 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack rhbz1303647 Raise...
Moderate: Red Hat Security Advisory: python33-python security update
An update for python33-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
python: smtplib StartTLS stripping attack
It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...
Moderate: Red Hat Security Advisory: rh-python34-python security update
An update for rh-python34-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: rh-python35-python security update
An update for rh-python35-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
python security update
2.6.6-66.0.1 - Add Oracle Linux distribution in platform.py orabug 21288328 Keshav Sharma 2.6.6-66 - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359161 2.6.6-65 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack rhbz1303647 Raise an error when STARTTLS fails upstream pat...
Vulnerability of nginx software, allowing a remote attacker to compromise the confidentiality of protected information
The vulnerability in the SMTP proxy of Nginx allows attackers who operate on a “man-in-the-middle” principle to inject commands into SSL sessions initiated with the STARTTLS command, thereby gaining access to confidential information sent by clients...
FreeBSD : Python -- smtplib StartTLS stripping vulnerability (8d5368ef-40fe-11e6-b2ec-b499baebfeaf)
Red Hat reports : A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This ma...
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping VuNote ============ Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview -------- Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.1...
Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urllib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...
MGASA-2016-0230 Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urllib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...
Debian DLA-522-1 : python2.7 security update
CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of negotiating starttls but fails to respond with 220 ok to an explicit call of SMTP.starttls. This may...
[SECURITY] [DLA 522-1] python2.7 security update
Package : python2.7 Version : 2.7.3-6+deb7u3 CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end smtp server is capable of...
Internet Bug Bounty: CVE-2016-0772 - python: smtplib StartTLS stripping attack
python smtplib starttls stripping attack affects: basically all versions of smtplib with starttls support and projects relying on it python 2.7.2 - 2.7.11 dates back 14 years python 3.0 - 3.5.1 dates back 7 years Python's implementation of smtplib fails to raise an exception upon an unexpected...