263 matches found
Vulnerabilities fixed in Python
SUSE has fixed vulnerabilities in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), manipulation of data, bypassing authentication. -= SUSE =- SUSE has made updates available to fix the vulnerabilities ...
USN-4151-2 python2.7, python3.4 vulnerabilities
USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to tric...
Ubuntu 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-4151-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4151-1 advisory. It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python...
USN-4127-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only...
USN-4127-2: Python vulnerabilities
USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...
Ubuntu 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-4127-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4127-1 advisory. It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading ...
Amazon Linux AMI : python27 (ALAS-2019-1258)
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...
Vulnerabilities fixed in Python
Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service, manipulation of data, circumvention of security measures, access to sensitive data, accessing system data. -= Re...
SUSE-SU-2019:0482-2 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser bsc1122191. - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat bsc1109847. Non-security issue fixed: - Fixed a bug wher...
OPENSUSE-SU-2019:1273-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in python (CVE-2018-1061 CVE-2018-1060 CVE-2016-5636)
Summary IBM Advanced Management Module (AMM) has addressed the following vulnerabilities in python. Vulnerability Details CVEID: CVE-2018-1061 DESCRIPTION: Python is vulnerable to a denial of service, caused by catastrophic backtracking in the difflib.IS_LINE_JUNK method. A remote attacker could...
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python
Summary Vulnerabilities in Python have been addressed by IBM RackSwitch firmware products listed below. Vulnerability Details CVEID: CVE-2018-1060 DESCRIPTION: Python is vulnerable to a denial of service, caused by catastrophic backtracking in the pop3lib's apop method. A remote attacker could...
SUSE-SU-2019:0482-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser bsc1122191. - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat bsc1109847. Non-security issue fixed: - Fixed a bug wher...
SUSE-SU-2019:0223-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 - CVE-2016-5636: heap overflow when importing malformed zip files bsc985177 - CVE-2016-5699: incorrect validation of HTTP headers allow header...
USN-3817-1 python2.7, python3.4, python3.5 vulnerabilities
It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2018-1000030 It was...
Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061)
Summary Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use tha...
SUSE-SU-2018:3554-1 Security update for python, python-base
This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module make_archive function via passage of unfiltered user input bsc1109663. - CVE-2018-1061: Fixed DoS via regular expression backtracking in...
Security Bulletin: Vulnerabilities in Python affect IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in Python. Vulnerability Details CVEID: CVE-2017-18207 DESCRIPTION: Python is vulnerable to a denial of service, caused by a divide-by-zero in the Wave_read._read_fmt_chunk function in Lib/wave.py. By...
Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)
Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...
GLSA-201701-18 : Python: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-18 Python: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...