Moderate: Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update
An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Fedora 32 : python34 (2020-d30881c970)
CVE-2019-20907: Avoid infinite loop in the tarfile module - CVE-2020-14422: Resolve hash collisions for IPv4Interface and IPv6Interface - CVE-2020-26116: HTTP request method CRLF injection in httplib. This update brings Fedora 32's python34 in sync with the EPEL7 package. Note that Tenable Network...
CVE-2007-4559
...
Medium: python34, python35
Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907) An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Pyth...
Python -- multiple vulnerabilities
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…). bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523). bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
CVE-2019-20907
...
Python infinite loop vulnerability
Python is a widely used, general-purpose, high-level programming language. An infinite loop vulnerability exists in Lib/tarfile.py in Python 3.8.3 and earlier. The vulnerability stems from the lack of header validation in _proc_pax. An attacker can cause a denial of service by exploiting this...
AZL-6825 CVE-2019-20907 affecting package python2 for versions less than 2.7.18-8
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
DEBIAN-CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
ALPINE-CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
UBUNTU-CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
PSF-2020-2 Infinite loop in tarfile module while opening a crafted file
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
PT-2019-5716 · Python +10
Name of the Vulnerable Software and Affected Versions: Python versions through 3.8.3. Description: The issue is related to the _proc_pax function in Lib/tarfile.py, which lacks proper header validation, allowing an attacker to craft a TAR archive that can cause an infinite loop when opened by...
Generic Zip Slip Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule "Generic Zip Slip Traversal Vulnerability", 'Description' = %q This is a generic arbitrary file overwrite technique, which...
openSUSE Security Update : python / python-base (openSUSE-2018-1363)
This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in...
Security update for python, python-base (moderate)
This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in...
openSUSE Security Update : python3 (openSUSE-2018-1001)
This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic...
Security update for python3 (moderate)
This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic...
SUSE-SU-2018:2696-1 Security update for python3
This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic...