MGASA-2019-0148 Updated python packages fix security vulnerability
A vulnerability was found in Python 2.x through 2.7.16. Improper handling of Unicode encoding (with an incorrect netloc) during NFKC normalization could lead to information disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit,...
MGASA-2019-0135 Updated python3 packages fix security vulnerability
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...
MGASA-2019-0084 Updated python packages fix security vulnerability
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...
aequitas (>=0.26.0 <=0.34.0), alembic-viz (=0.1.0) +151 more potentially affected by CVE-2019-7548 via sqlalchemy (>=0.7.7 <=1.2.17)
sqlalchemy PYPI version =0.7.7, =0.26.0, =1.10.0, =0.10.0, =0.1.6, =1.0.0a0, =1.0.0, =0.0.4, =1.0.1, =0.6.7.post3, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.6 and more Source cves: CVE-2019-7548 Source advisory: OSV:PYSEC-2019-124...
MGASA-2018-0495 Updated python packages fix security vulnerabilities
Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207). Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...
abeja-sdk (>=0.2.0rc1 <=1.1.0rc1), abejacli (>=1.0.2 <=1.0.2rc1) +492 more potentially affected by CVE-2018-20060 via urllib3 (>=1.10.2 <=1.22.0)
urllib3 PYPI version =1.10.2, =0.2.0rc1, =1.0.2, =0.18.0.3, =0.70.0, =0.0.1, =0.5.0, =1.1.0rc6, =0.8.0, =0.0.2, =0.1.3, =2.4.1, =2.5.1 and more Source cves: CVE-2018-20060 Source advisory: OSV:PYSEC-2018-32...
alauda (=0.2.2), burp-ui (>=0.4.1 <=0.5.1) +89 more potentially affected by CVE-2018-1000808 via pyopenssl (>=0.13.0 <=17.4.0)
pyopenssl PYPI version =0.13.0, =0.4.1, =1.2.1.20160901, =0.9.5, =0.2.10.3, =2.2.0, =0.5.0, =0.3.0, =0.2.4, =0.9.2, =0.9.7, =1.9.5, =1.9.65 and more Source cves: CVE-2018-1000808 Source advisory: OSV:PYSEC-2018-24...
HeapHopper - A Bounded Model Checking Framework For Heap-implementations
HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...
Virus Bulletin 2018: Microsoft’s Lambert on How Cloud is Changing Security
MONTREAL – As businesses increasingly turn to the cloud and to software-as-a-service applications, they are finding themselves with new attack surfaces and new types of threats – specifically, hard-to-thwart supply-chain attacks that have the potential for large amounts of collateral damage. In a...
argschema (>=1.16.1 <=1.16.5), aries-cloudagent (>=0.3.3 <=0.5.1) +25 more potentially affected by CVE-2018-17175 via marshmallow (>=3.0.0 <=3.0.0b8)
marshmallow PYPI version =3.0.0, =1.16.1, =0.3.3, =0.0.22, =0.1.1, =0.1.0, =0.0.18, =0.19.0, =0.1.0, =0.3.0, =1.0.0, =0.0.4, =0.1.0, =0.0.1, =0.0.4 and more Source cves: CVE-2018-17175 Source advisory: OSV:PYSEC-2018-67...
abbr (=0.0.0), aequitas (>=0.26.0 <=0.42.0) +112 more potentially affected by CVE-2018-1000656 via flask (>=0.10.1 <=0.12.2)
flask PYPI version =0.10.1, =0.26.0, =1.4.15, =0.11.1, =0.4.0, =0.1.0, =0.1.1, =0.1.17, =0.1.0, =0.4.1, =0.1.0, =0.0.1, =1.0.8, =1.1.0 and more Source cves: CVE-2018-1000656 Source advisory: OSV:GHSA-562C-5R94-XH97...
aepp-sdk (>=0.18.0.3 <=0.18.0.4), aletheia (=0.0.1) +63 more potentially affected by CVE-2018-10903 via cryptography (>=1.9.0 <=2.2.2)
cryptography PYPI version =1.9.0, =0.18.0.3, =3.1.0, =0.2.0, =0.2.2, =0.7.1, =1.2.1.20160901, =0.8.0, =0.0.1, =0.5.4, =0.9.191, =0.7.0, =0.3.1, =0.4.0 and more Source cves: CVE-2018-10903 Source advisory: OSV:PYSEC-2018-52...
ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)
aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000519 Source advisory: OSV:PYSEC-2018-80...
Prowler - Distributed Network Vulnerability Scanner
Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0. Capabilities: Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices...
MGASA-2018-0256 Updated python packages fix security vulnerabilities
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop method. An attacker could use this flaw to cause denial of service (CVE-2018-1060). A flaw was found in the way catastrophic backtracking was...
Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)
New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-124-01. The text itself is copyright (C) Slackware Linu...
aacrgenie (>=9.0.0 <=12.5.0), aalam-common (=0.1.78) +549 more potentially affected by CVE-2018-6594 via pycrypto (>=2.4.1 <=2.6.1)
pycrypto PYPI version =2.4.1, =9.0.0, =0.0.8, =1.1.3, =1.0.1, =3.4.0, =0.4.0b0, =3.0.0b1, =0.0.2, =0.0.1, =1.0.0, =0.0.4, =0.3.1 and more Source cves: CVE-2018-6594 Source advisory: OSV:PYSEC-2018-97...
MGASA-2018-0004 Updated python/python3 packages fix security vulnerability
It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code (CVE-2017-1000158)...
[SECURITY] [DLA 1189-1] python2.7 security update
Package : python2.7 Version : 2.7.3-6+deb7u4 CVE ID : CVE-2017-1000158 A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language. CVE-2017-1000158 CPython the reference implementation of Python also commonly known as simply Python version...
New and Improved Version of airpwn: airpwn-ng
Features Inject to all visible clients a.k.a Broadcast Mode Inject on both open networks and WEP/WPA protected networks Targeted injection with -t MAC:ADDRESS MAC:ADDRESS Gather all visible cookies Broadcast Mode Gather cookies for specific websites –websites websiteslist.txt In this scenario,...