17 matches found

OSV
added 2024/03/06 11:7 a.m., 40 views

BIT-PYTHON-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2 CVSS, 7.5 AI score, 0.00903 EPSS
Exploits 1, References 15

NVD
added 2024/03/05 11:15 p.m., 14 views

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

4.3 CVSS, 7.4 AI score, 0.00615 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/10/08 12:0 a.m., 29 views

Debian dla-3610 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. Debian LTS Advisory DLA-3610-1...

9.8 CVSS, 7.2 AI score, 0.0991 EPSS
Exploits 3, References 16

Tenable Nessus
added 2023/05/25 12:0 a.m., 93 views

Debian dla-3432 : idle-python2.7 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3432 advisory. Debian LTS Advisory DLA-3432-1...

9.8 CVSS, 8.2 AI score, 0.02954 EPSS
Exploits 7, References 20

Tenable Nessus
added 2023/01/23 12:0 a.m., 45 views

RHEL 7 : python27 (RHSA-2020:4273)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.5 CVSS, 7.5 AI score, 0.02672 EPSS
Exploits 2, References 12

Tenable Nessus
added 2022/06/29 12:0 a.m., 65 views

Scientific Linux Security Update : python on SL7.x i686/x86_64 (2022:5235)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5235-1 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-urllib3: CRLF injection via HTTP request method...

9.8 CVSS, 7.7 AI score, 0.00903 EPSS
Exploits 2, References 4

Tenable Nessus
added 2021/08/24 12:0 a.m., 47 views

Oracle Linux 8 : python27:2.7 (ELSA-2021-1761)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1761 advisory. - Security fix for CVE-2021-3177 Resolves: rhbz1919163 - Security fix for CVE-2020-26116: Reject control chars in HTTP method in httplib.putrequest...

9.8 CVSS, 7.4 AI score, 0.01246 EPSS
Exploits 3, References 5

Tenable Nessus
added 2021/06/10 12:0 a.m., 35 views

SUSE SLES11 Security Update : python (SUSE-SU-2020:14550-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:14550-1 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

7.2 CVSS, 7.3 AI score, 0.00903 EPSS
Exploits 1, References 4

Oracle Linux
added 2021/05/25 12:0 a.m., 78 views

python3 security update

3.6.8-37.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-37 - Fix for CVE-2021-23336 Resolves: rhbz1928904 3.6.8-36 - Fix for CVE-2021-3177 Resolves: rhbz1918168 3.6.8-35 - New options -a and -k for pathfix.py script backported from upstream Resolves: rhbz1917691 3.6.8-3...

9.8 CVSS, 8.4 AI score, 0.00903 EPSS
Exploits 3

IBM Security Bulletins
added 2021/01/12 9:39 p.m., 39 views

Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems Agent (CVE-2020-26116)

Summary Python is vulnerable to CRLF injection which affects the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability Details CVEID: CVE-2020-26116 DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. B...

7.2 CVSS, 1.1 AI score, 0.00903 EPSS
Exploits 1, Affected Software 1

OSV
added 2020/09/27 4:15 a.m., 25 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2 CVSS, 7.3 AI score
Exploits 0, References 14

CVE
added 2020/09/27 12:0 a.m., 841 views

CVE-2020-26116

CVE-2020-26116 affects Python’s http.client/httplib in 3.x releases. The issue allows CRLF injection when an attacker controls the HTTP request method, demonstrated by inserting CR/LF into the first argument of HTTPConnection.request. Affected versions include Python 3.x before 3.5.10, 3.6.x befo...

7.2 CVSS, 7.3 AI score, 0.00903 EPSS
Exploits 1, References 14, Affected Software 1

Debian CVE
added 2020/09/27 12:0 a.m., 47 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2 CVSS, 7.4 AI score, 0.00903 EPSS
Exploits 1

Tenable Nessus
added 2020/07/06 12:0 a.m., 46 views

FreeBSD : Python -- multiple vulnerabilities (33c05d57-bf6e-11ea-ba1e-0800273f78d3)

Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwage...

7.1 CVSS, 7.1 AI score, 0.02954 EPSS
Exploits 1, References 4

FreeBSD
added 2019/10/24 12:0 a.m., 57 views

Python -- multiple vulnerabilities

Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager...

6.1 CVSS, 7.2 AI score, 0.02672 EPSS
Exploits 0, References 1

Debian
added 2019/06/25 3:4 p.m., 176 views

[SECURITY] [DLA 1835-2] python3.4 regression update

Package : python3.4 Version : 3.4.2-1+deb8u4 CVE ID : CVE-2019-9740 CVE-2019-9947 Debian Bug : 931044 The update issued as DLA-1835-1 caused a regression in the http.client library in Python 3.4 which was broken by the patch intended to fix CVE-2019-9740 and CVE-2019-9947. For Debian 8 "Jessie",...

6.1 CVSS, 6.7 AI score, 0.0991 EPSS
Exploits 2

Mageia
added 2016/06/22 4:36 p.m., 61 views

Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: - Heap overflow in zipimporter module CVE-2016-5636. - HTTP header injection in urllib2/urllib/httplib/http.client CVE-2016-5699. - smtplib StartTLS stripping attack CVE-2016-0772...

10 CVSS, 1.6 AI score, 0.45123 EPSS
Exploits 7, References 7