Mageia: Security Advisory (MGASA-2014-0216)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

file security, bug fix, and enhancement update

5.04-30 - fix CVE-2014-3538 unrestricted regular expression matching 5.04-29 - fix 1284826 - try to read ELF header to detect corrupted one 5.04-28 - fix 1263987 - fix bugs found by coverity in the patch 5.04-27 - fix CVE-2014-3587 incomplete fix for CVE-2012-1571 - fix CVE-2014-3710 out-of-bound...

CVE-2014-2667

Race condition in the getmaskedmode function in Lib/os.py in Python 3.2 through 3.5, when existok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the...

[SECURITY] Fedora 20 Update: python-backports-ssl_match_hostname-3.4.0.2-1.fc20

The Secure Sockets layer is only actually secure if you check the hostname in the certificate returned by the server to which you are connecting, and ver ify that it matches to hostname that you are trying to reach. But the matching logic, defined in RFC2818, can be a bit tricky to implemen t on...

Fedora Update for python-backports-ssl_match_hostname FEDORA-2013-20200

Check for the Version of python-backports-sslmatchhostname OpenVAS Vulnerability Test Fedora Update for python-backports-sslmatchhostname FEDORA-2013-20200 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

[SECURITY] Fedora 19 Update: python-backports-ssl_match_hostname-3.4.0.2-1.fc19

The Secure Sockets layer is only actually secure if you check the hostname in the certificate returned by the server to which you are connecting, and ver ify that it matches to hostname that you are trying to reach. But the matching logic, defined in RFC2818, can be a bit tricky to implemen t on...

CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.matchhostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-sslmatchhostname as used for older Python versions, allows remote attackers to cause a denial of service CPU consumption via multiple wildcard...

Python 'ssl.match_hostname()'函数拒绝服务漏洞

BUGTRAQ ID: 59877 Py-bcrypt是OpenBSD Blowfish密码哈希算法的实现。 Python 3.2中，python-backports-sslmatchhostname匹配含有多个""通配符的证书名称时存在拒绝服务漏洞，远程攻击者可通过发送恶意构造的ssl证书导致拒绝服务。 0 python 3.2 厂商补丁： Python ------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： www.python.org...

Python 3.2 - 'audioop' Module Memory Corruption

source: https://www.securityfocus.com/bid/40863/info The 'audioop' module for Python is prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-servi...

Integer overflow

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a...

CVE-2010-1634

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a...