CentOS 8 : python27:2.7 (CESA-2019:3335)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3335 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3...

CentOS 8 : python3 (CESA-2019:3520)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3520 advisory. - python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-5010 - python: CRLF injection via the query part of the url pass...

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

RHEL 8 : python3 (RHSA-2019:3520)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3520 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

python27:2.7 security and bug fix update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe,...

Scientific Linux Security Update : python on SL7.x x86_64 (20190806)

Security Fixes : - python: Missing salt initialization in elementtree.c module CVE-2018-14647 - python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-5010 - python: CRLF injection via the query part of the url passed to urlopen CVE-2019-9740 - python: CRLF injection...

Moderate: Red Hat Security Advisory: python security and bug fix update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

Important: Red Hat Security Advisory: python27-python security update

An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...