Amazon Linux AMI : python26 (ALAS-2015-621)
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python standard library...
Medium: python26
Issue Overview: An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2015:2101. Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...
python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
It was discovered that the CGIHTTPServer module incorrectly handled URL-encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...
Moderate: Red Hat Security Advisory: python security, bug fix, and enhancement update
Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
Amazon Linux: Security Advisory (ALAS-2014-440)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Scientific Linux Security Update : python on 6.x i686/x86_64 (2015:1330)
The remote Scientific Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:1330-1 advisory. - Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before...
CentOS 6 : python (CESA-2015:1330)
Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
RHEL 6 : python (RHSA-2015:1330)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1330 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes...
Ubuntu: Security Advisory (USN-2653-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : Python vulnerabilities (USN-2653-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2653-1 advisory. It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp,...
USN-2653-1 python2.7, python3.2, python3.4 vulnerabilities
It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not...
USN-2653-1: Python vulnerabilities
It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not...
Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)
Updated python3 packages fix security vulnerabilities: ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into function, which could be exploited ...
Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)
Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
Fedora 20 : python-2.7.5-15.fc20 (2014-14227)
Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much...
Amazon Linux AMI : python27 (ALAS-2014-440)
It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs, which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. (CVE-2014-4650) Integer overflow in bufferobject.c i...
Medium: python27
Issue Overview: It was discovered (http://bugs.python.org/issue21766) that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs, which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root...
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...