195 matches found

Ubuntu
added 2019/09/10 1:8 p.m., 140 views

USN-4127-2: Python vulnerabilities

USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...

CVSS 9.8, AI score 7.2, EPSS 0.0991
Exploits: 6
Tenable Nessus
added 2019/09/10 12:0 a.m., 72 views

Ubuntu 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-4127-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4127-1 advisory. It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading ...

CVSS 9.8, AI score 7.3, EPSS 0.0991
Exploits: 6, References: 9
Ubuntu
added 2019/09/09 5:22 p.m., 95 views

USN-4127-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-20406 It was discovered that Python incorrectly validated t...

CVSS 9.8, AI score 7.2, EPSS 0.0991
Exploits: 6
Tenable Nessus
added 2019/07/26 12:0 a.m., 34 views

Amazon Linux AMI : python35 (ALAS-2019-1243)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header...

CVSS 9.8, AI score 7.3, EPSS 0.0991
Exploits: 2, References: 4
Tenable Nessus
added 2019/07/02 12:0 a.m., 44 views

Amazon Linux 2 : python (ALAS-2019-1230)

A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

CVSS 9.8, AI score 6.8, EPSS 0.08764
Exploits: 3, References: 6
Debian
added 2019/06/25 3:40 a.m., 210 views

[SECURITY] [DLA 1835-1] python3.4 security update

Package : python3.4 Version : 3.4.2-1+deb8u3 CVE ID : CVE-2018-14647 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 Debian Bug : 921039 924072 Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Pythons elementtree C...

CVSS 9.8, AI score 6.8, EPSS 0.0991
Exploits: 2
Amazon
added 2019/06/25 12:0 a.m., 59 views

Important: python

Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...

CVSS 9.8, AI score 7.6, EPSS 0.08764
Exploits: 3
OpenVAS
added 2019/06/19 12:0 a.m., 50 views

openSUSE: Security Advisory for python (openSUSE-SU-2019:1580-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 9.3, EPSS 0.08764
Exploits: 1, References: 2
Tenable Nessus
added 2019/06/19 12:0 a.m., 40 views

openSUSE Security Update : python (openSUSE-2019-1580)

This update for python fixes the following issues : Security issues fixed : - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFK...

CVSS 9.8, AI score 6.9, EPSS 0.08764
Exploits: 1, References: 4
ArchLinux
added 2019/06/18 12:0 a.m., 69 views

[ASA-201906-17] python: information disclosure

Arch Linux Security Advisory ASA-201906-17 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-9636 Package : python Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-977 Summary ======= The package python before version...

CVSS 9.8, AI score 1.3, EPSS 0.08764
Exploits: 0, References: 5
OPENSUSE Linux
added 2019/06/18 12:0 a.m., 234 views

Security update for python (important)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:1580-1 Rating: important References: 1129346 1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

CVSS 9.8, AI score 8.6, EPSS 0.08764
Exploits: 1, References: 2
Tenable Nessus
added 2019/06/07 12:0 a.m., 36 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:1439-1)

This update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 7, EPSS 0.08764
Exploits: 1, References: 7
OSV
added 2019/06/06 3:51 p.m., 4 views

SUSE-SU-2019:1439-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8, AI score 9.3, EPSS 0.08764
Exploits: 1, References: 5
Tenable Nessus
added 2019/05/31 12:0 a.m., 39 views

Amazon Linux AMI : python36 (ALAS-2019-1204)

Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack...

CVSS 9.8, AI score 7.2, EPSS 0.0991
Exploits: 2, References: 4
Amazon
added 2019/05/29 12:0 a.m., 266 views

Important: python36

Issue Overview: Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlsplit,...

CVSS 9.8, AI score 8.2, EPSS 0.0991
Exploits: 2
Tenable Nessus
added 2019/05/14 12:0 a.m., 32 views

EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)

According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an...

CVSS 9.8, AI score 6.9, EPSS 0.40993
Exploits: 8, References: 5
Tenable Nessus
added 2019/05/13 12:0 a.m., 52 views

openSUSE Security Update : python3 (openSUSE-2019-1371)

This update for python3 fixes the following issues : Security issue fixed : - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization bsc1129346. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL...

CVSS 9.8, AI score 7.2, EPSS 0.08764
Exploits: 0, References: 2
Tenable Nessus
added 2019/05/07 12:0 a.m., 35 views

Amazon Linux AMI : python34 (ALAS-2019-1202)

Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack...

CVSS 9.8, AI score 7, EPSS 0.08764
Exploits: 1, References: 3
Tenable Nessus
added 2019/05/06 12:0 a.m., 35 views

EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop method. An...

CVSS 9.8, AI score 7, EPSS 0.08764
Exploits: 1, References: 4
Tenable Nessus
added 2019/05/06 12:0 a.m., 56 views

Amazon Linux 2 : python3 (ALAS-2019-1204)

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

CVSS 9.8, AI score 7, EPSS 0.08764
Exploits: 1, References: 3