32 matches found
Debian: Security Advisory (DLA-1107-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1107-1] bzr security update
Package : bzr Version : 2.6.0bzr6526-1+deb7u1 CVE ID : CVE-2013-2099 CVE-2017-14176 Debian Bug : 709068 874429 CVE-2013-2099 Bazaar bundles SSL certificate checking code from Python, which had a bug that could cause a denial of service via resource consumption through multiple wildcards in...
Fedora 22 : python-pymongo-2.5.2-8.fc22 (2016-52b294538d)
Security fix for CVE-2013-2099, CVE-2013-7440 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 23 : python-pymongo-2.5.2-8.fc23 (2016-50abc3e885)
Security fix for CVE-2013-2099, CVE-2013-7440 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
RHEL 6 : cloud-init (RHSA-2015:0042)
Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...
Fedora 19 : python-tornado-2.2.1-7.fc19 (2014-16477)
Add patch to fix CVE-2013-2098 CVE-2013-2099 bug 96627 - Drop requires python-simplejson, not needed for modern python Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Fedora 20 : python-tornado-2.2.1-7.fc20 (2014-16390)
Add patch to fix CVE-2013-2098 CVE-2013-2099 bug 96627 - Drop requires python-simplejson, not needed for modern python Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Low: Red Hat Security Advisory: python-backports-ssl_match_hostname security update
An updated python-backports-sslmatchhostname package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...
openSUSE Security Update : python3 (openSUSE-SU-2014:1070-1)
This python3 update fixes the following security and non security issues : - CGIHTTPServer filedisclosure and directory traversal through URL-encoded characters CVE-2014-4650, bnc885882 - DoS on ssl.matchhostname via a crafted certificate with too many wildcards CVE-2013-2099, bnc886001 - fix...
GLSA-201401-04 : Python: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201401-04 Python: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Servic...
Fedora Update for python3 FEDORA-2013-21415
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-2099
Algorithmic complexity vulnerability in the ssl.matchhostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-sslmatchhostname as used for older Python versions, allows remote attackers to cause a denial of service CPU consumption via multiple wildcard...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2099. Reason: This candidate is a duplicate of CVE-2013-2099. Notes: All CVE users should reference CVE-2013-2099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2013-2099
CVE-2013-2099 is an algorithmic complexity vulnerability in Python’s ssl.match_hostname() used for validating hostnames in certificates. It allows remote attackers to cause high CPU usage (denial of service) by supplying certificates with multiple wildcard characters in the common name. Affected ...
CVE-2013-2099
Algorithmic complexity vulnerability in the ssl.matchhostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-sslmatchhostname as used for older Python versions, allows remote attackers to cause a denial of service CPU consumption via multiple wildcard...
Ubuntu: Security Advisory (USN-1983-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-1985-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 12.04 LTS / 12.10 : python3.2 vulnerabilities (USN-1984-1)
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. CVE-2013-2099 Ryan Sleevi discovered that Python did not properly handle...
Ubuntu 12.04 LTS / 12.10 / 13.04 : python2.7 vulnerabilities (USN-1983-1)
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. CVE-2013-2099 Ryan Sleevi discovered th...
USN-1985-1: Python 3.3 vulnerabilities
Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. CVE-2013-2099 Ryan Sleevi discovered that Python did not properly handle...