SUSE SLES12 Security Update : python36 (SUSE-SU-2021:0428-1)

This update for python36 fixes the following issues : buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution bsc1181126, CVE-2021-3177. Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686. Note that Tenable Network...

CentOS 8 : python36:3.6 (CESA-2019:0984)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:0984 advisory. - python-sqlalchemy: SQL Injection when the orderby parameter can be controlled CVE-2019-7164 - python-sqlalchemy: SQL Injection when the groupby...

SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1)

This update for python36 fixes the following issues : CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen bsc1155094 CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262. CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on...

SUSE-SU-2020:3865-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen bsc1155094 - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262. - CVE-2020-27619: Fixed an issue where the CJK codec tests call eval...

SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1)

This update for python36 fixes the following issues : Update to 3.6.12, including the following fixes : Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 Fixed CRLF injection via HTTP request method in httplib/http.client bsc1177211 CVE-2020-26116 Fixed possible infinite lo...

python36:3.6 bug fix and enhancement update

An update is available for python-pymongo, python-sqlalchemy, python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-virtualenv, python-distro, python-nose, python-wheel, scipy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, whic...

Amazon Linux AMI : python34, python36, python35 (ALAS-2020-1432)

The version of python34 installed on the remote host is prior to 3.4.10-1.52. The version of python35 installed on the remote host is prior to 3.5.9-1.28. The version of python36 installed on the remote host is prior to 3.6.12-1.19. It is, therefore, affected by multiple vulnerabilities as...

Amazon Linux AMI : python36 (ALAS-2020-1428)

The version of python36 installed on the remote host is prior to 3.6.11-1.18. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1428 advisory. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when...

Medium: python36

Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. CVE-2019-20907 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Pyth...

SUSE SLES12 Security Update : python36 (SUSE-SU-2020:2216-1)

This update for python36 fixes the following issues : CVE-2019-20907, bsc1174091: avoiding possible infinite loop in specifically crafted tarball. CVE-2020-14422, bsc1173274: where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Note that Tenable Network Security has extract...

Fedora 31 : python36 (2020-efb908b6a8)

Security fix for CVE-2019-20907, CVE-2020-14422. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

Fedora: Security Advisory for python36 (FEDORA-2020-1ddd5273d6)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : python36 (2020-1ddd5273d6)

Security fix for CVE-2019-20907, CVE-2020-14422. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

Fedora: Security Advisory for python36 (FEDORA-2020-ea5bdbcc90)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for python36 (FEDORA-2020-8bdd3fd7a4)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0750-1)

This update for python36 fixes the following issues : CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

SUSE-SU-2020:0750-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094...

SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0557-1)

This update for python36 fixes the following issues : Security issues fixed : CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

SUSE-SU-2020:0557-1 Security update for python36

This update for python36 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

Amazon Linux AMI : python27, python35, python36 (ALAS-2020-1342)

The version of python27 installed on the remote host is prior to 2.7.16-1.131. The version of python35 installed on the remote host is prior to 3.5.7-1.25. The version of python36 installed on the remote host is prior to 3.6.10-1.16. It is, therefore, affected by a vulnerability as referenced in...