python27:2.7 security, bug fix, and enhancement update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...

Amazon Linux 2 : python-virtualenv (ALAS-2020-1413)

The version of python-virtualenv installed on the remote host is prior to 15.1.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1413 advisory. urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirec...

Medium: python-virtualenv

Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...

CentOS 7 : python-virtualenv (RHSA-2020:0851)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect...

CentOS: Security Advisory for python-virtualenv (CESA-2020:0851)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Oracle Linux 7 : python-virtualenv (ELSA-2020-0851)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0851 advisory. 15.1.0-4 - Bump Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1643829 15.1.0-3 - Add three new patches for CVEs in bundled urllib3 and...

Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200317)

Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-requests: Redire...

python-virtualenv security update

15.1.0-4 - Bump Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1643829 15.1.0-3 - Add three new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2018-18074 Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1643829...

Moderate: Red Hat Security Advisory: python-virtualenv security update

An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update

Updated python27 packages are now available as a part of Red Hat Software Collections 2.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

MGASA-2015-0180 Updated python-pip packages fix security vulnerabilities

Updated python-pip and python-virtualenv packages fix security vulnerability: The mirroring support in python-pip was implemented without any sort of authenticity checks and is downloaded over plaintext HTTP. Further more by default it will dynamically discover the list of available mirrors by...

Fedora 20 : python-virtualenv-12.0.7-1.fc20 (2015-6006)

Security fix for CVE-2013-5123 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora Update for python-virtualenv FEDORA-2015-5974

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for python-virtualenv FEDORA-2015-6006

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : python-virtualenv-12.0.7-1.fc21 (2015-5974)

Security fix for CVE-2013-5123 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

MGASA-2013-0376 Updated python3 and related packages fix security vulnerabilities and prevent an error

Changed behavior of ssl.matchhostname to follow RFC 6125 Also python-virtualenv has had incdir settings altered to avoid "include nested too deeply" error mga11283...

MGASA-2013-0274 Updated python-setuptools and python-virtualenv packages fix security vulnerability

easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product CVE-2013-1633...

[ MDVSA-2013:227 ] python-setuptools

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:227 http://www.mandriva.com/en/support/security/ Package : python-setuptools Date : September 9, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been...

Mandriva Linux Security Advisory : python-setuptools (MDVSA-2013:227)

A vulnerability has been discovered and corrected in python-setuptools/python-virtualenv : easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute...

Fedora Update for python-virtualenv FEDORA-2013-14891

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...