
438 matches found

OSV
added 2019/11/07 11:36 p.m., 5 views

MGASA-2019-0318 Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...

CVSS 9.8, AI score 8.5, EPSS 0.11844
Exploits: 4, References: 6

Tenable Nessus
added 2019/10/31 12:0 a.m., 49 views

Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1314)

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

CVSS 7.5, AI score 7.2, EPSS 0.05366
Exploits: 0, References: 2

OSV
added 2019/10/29 10:39 a.m., 6 views

SUSE-SU-2019:2802-1 Security update for python3

This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. bsc1149955 - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py bsc1153238. Non-security issues fixed: - Fixed regression of OpenSSL...

CVSS 7.5, AI score 6.7, EPSS 0.05366
Exploits: 1, References: 10

OSV
added 2019/10/22 1:50 p.m., 9 views

SUSE-SU-2019:2743-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. bsc1130840 - CVE-2019-16056: Fixed a parser issue in the email module...

CVSS 7.5, AI score 6.9, EPSS 0.05406
Exploits: 2, References: 7

OSV
added 2019/08/23 12:19 p.m., 7 views

SUSE-SU-2019:2091-1 Security update for python

This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation...

CVSS 9.8, AI score 7.3, EPSS 0.05227
Exploits: 1, References: 5

OSV
added 2019/08/23 10:25 a.m., 8 views

OPENSUSE-SU-2019:1989-1 Security update for python

This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation bsc1141853. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 5.3, AI score 7.2, EPSS 0.0388
Exploits: 1, References: 3

Tenable Nessus
added 2019/08/13 12:0 a.m., 49 views

Amazon Linux AMI : python34 / python35,python36 (ALAS-2019-1259)

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...

CVSS 9.8, AI score 7.2, EPSS 0.08811
Exploits: 0, References: 2

OSV
added 2019/08/08 11:23 a.m., 10 views

SUSE-SU-2019:14142-1 Security update for python

This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation...

CVSS 9.8, AI score 7.3, EPSS 0.05227
Exploits: 1, References: 5

Amazon
added 2019/08/07 12:0 a.m., 107 views

Important: python27

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

CVSS 9.8, AI score 8.3, EPSS 0.11844
Exploits: 1

Amazon
added 2019/08/07 12:0 a.m., 122 views

Important: python34, python35, python36

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

CVSS 9.8, AI score 8.3, EPSS 0.08811
Exploits: 0

OSV
added 2019/08/06 1:50 p.m., 6 views

SUSE-SU-2019:2064-1 Security update for python

This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459...

CVSS 9.8, AI score 9.5, EPSS 0.05227
Exploits: 0, References: 3

OSV
added 2019/06/06 3:51 p.m., 7 views

SUSE-SU-2019:1439-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 9.3, EPSS 0.11844
Exploits: 1, References: 5

OSV
added 2019/04/17 12:44 p.m., 3 views

SUSE-SU-2019:0972-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 9.3, EPSS 0.11844
Exploits: 1, References: 5

OSV
added 2019/04/15 2:36 p.m., 3 views

SUSE-SU-2019:14018-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 9.3, EPSS 0.11844
Exploits: 1, References: 5

Tenable Nessus
added 2019/03/26 12:0 a.m., 46 views

Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1169)

A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

CVSS 7.5, AI score 7.2, EPSS 0.20743
Exploits: 1, References: 2

vulnersOsv
added 2019/01/09 11:29 p.m., 2 views

cklauth (>=0.1.0 <=0.3.0), dj-saml-idp (>=1.1.0 <=1.2.1) +18 more potentially affected by CVE-2019-3498 via django (>=2.0.0 <=2.0.1)

django PYPI version =2.0.0, =0.1.0, =1.1.0, =4.3.1, =1.2.7, =0.1.0, =1.7.0, =0.0.3, =0.0.20, =0.1.0 - djangotheming =0.1.0 - fastaudiovisal =0.0.1 - fastaudiovisual =0.0.1 and more Source cves: CVE-2019-3498 Source advisory: OSV:PYSEC-2019-17...

CVSS 6.5, AI score 6.7, EPSS 0.03685
Exploits: 0

OSV
added 2018/10/16 9:6 a.m., 6 views

SUSE-SU-2018:3156-1 Security update for python

This update for python fixes the following issue: - CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause...

CVSS 7.5, AI score 8.2, EPSS 0.10911
Exploits: 0, References: 3

OSV
added 2018/10/04 12:17 p.m., 8 views

SUSE-SU-2018:3002-1 Security update for python

This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module make_archive function via passage of unfiltered user input bsc1109663...

CVSS 9.8, AI score 9.8, EPSS 0.20807
Exploits: 1, References: 3

Tenable Nessus
added 2018/09/27 12:0 a.m., 41 views

Debian DLA-1519-1 : python2.7 security update

Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-base...

CVSS 9.8, AI score 7.2, EPSS 0.20807
Exploits: 2, References: 6

OSV
added 2018/08/17 8:41 a.m., 8 views

SUSE-SU-2018:2408-1 Security update for python

This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib bsc1088004. - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop method in pop3lib...

CVSS 10, AI score 8.9, EPSS 0.25671
Exploits: 2, References: 8