1289 matches found

OSV
added 2019/04/17 12:43 p.m., 1 views

SUSE-SU-2019:0971-1 Security update for python3

This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346)...

CVSS 9.8, AI score 9.3, EPSS 0.08764
Exploits: 0, References: 3

Tenable Nessus
added 2019/04/17 12:0 a.m., 41 views

SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:0961-1)

This update for python3 fixes the following issues : Security issue fixed : CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Note that Tenable Network Security has extracted the preceding description block...

CVSS 9.8, AI score 7.2, EPSS 0.08764
Exploits: 0, References: 4

RedHat Linux
added 2019/04/16 2:9 p.m., 110 views

Important: Red Hat Security Advisory: rh-python36-python security update

An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 6.8, EPSS 0.08764
Exploits: 0, References: 4

RedHat Linux
added 2019/04/16 1:0 p.m., 1 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8, AI score 6.7, EPSS 0.08764
Exploits: 0, References: 5

Tenable Nessus
added 2019/04/16 12:0 a.m., 56 views

SUSE SLES11 Security Update : python (SUSE-SU-2019:14018-1)

This update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 7, EPSS 0.08764
Exploits: 1, References: 7

OSV
added 2019/04/12 6:23 a.m., 19 views

SUSE-SU-2019:0888-2 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. (bsc#1122839) CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...

CVSS 7.5, AI score 6.6, EPSS 0.43022
Exploits: 0, References: 7

Tenable Nessus
added 2019/04/12 12:0 a.m., 253 views

openSUSE Security Update : apache2 (openSUSE-2019-1190)

This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these...

CVSS 7.8, AI score 7.3, EPSS 0.89568
Exploits: 8, References: 10

OPENSUSE Linux
added 2019/04/11 12:0 a.m., 139 views

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2019:1190-1 Rating: important References: 1131233 1131237 1131239 1131241 1131245 Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Affected Products: openSUSE Leap 42.3 An...

CVSS 7.8, AI score 8.7, EPSS 0.89568
Exploits: 8, References: 5

OSV
added 2019/04/10 10:29 p.m., 2 views

DEBIAN-CVE-2019-11072

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE:...

CVSS 9.8, AI score 7.6, EPSS 0.12083
Exploits: 1, References: 1

Tenable Nessus
added 2019/04/09 12:0 a.m., 58 views

Scientific Linux Security Update : python on SL7.x x86_64 (20190408)

Security Fixes : - python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)...

CVSS 9.8, AI score 7.3, EPSS 0.08764
Exploits: 0, References: 2

Tenable Nessus
added 2019/04/09 12:0 a.m., 36 views

RHEL 7 : python (RHSA-2019:0710)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0710 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 9.8, AI score 7.3, EPSS 0.08764
Exploits: 0, References: 5

OpenVAS
added 2019/04/08 12:0 a.m., 171 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Linux

When the path component of a request URL contains multiple consecutive slashes...

CVSS 5.3, AI score 6.9, EPSS 0.23866
Exploits: 0, References: 1

OpenVAS
added 2019/04/08 12:0 a.m., 109 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows

When the path component of a request URL contains multiple consecutive slashes...

CVSS 5.3, AI score 6.9, EPSS 0.23866
Exploits: 0, References: 1

Tenable Nessus
added 2019/04/08 12:0 a.m., 65 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1)

This update for apache2 fixes the following issues : CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. (bsc#1122839) CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout a...

CVSS 7.5, AI score 7, EPSS 0.43022
Exploits: 0, References: 10

OSV
added 2019/04/05 6:57 a.m., 18 views

SUSE-SU-2019:0888-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. (bsc#1122839) CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...

CVSS 7.5, AI score 6.6, EPSS 0.43022
Exploits: 0, References: 7

Tenable Nessus
added 2019/04/05 12:0 a.m., 51 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)

This update for apache2 fixes the following issues : CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencie...

CVSS 7.8, AI score 7.4, EPSS 0.89568
Exploits: 8, References: 16

OSV
added 2019/04/04 2:59 p.m., 20 views

SUSE-SU-2019:0878-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies...

CVSS 7.8, AI score 7.4, EPSS 0.89568
Exploits: 8, References: 11

Tenable Nessus
added 2019/04/04 12:0 a.m., 55 views

Debian DLA-1748-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...

CVSS 7.5, AI score 7.1, EPSS 0.43022
Exploits: 0, References: 4

Amazon
added 2019/04/04 12:0 a.m., 118 views

Important: httpd

Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...

CVSS 7.8, AI score 7.8, EPSS 0.89568
Exploits: 8

Tenable Nessus
added 2019/04/04 12:0 a.m., 28 views

EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1277)

According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc...

CVSS 9.8, AI score 7.2, EPSS 0.08764
Exploits: 0, References: 2