17 matches found
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1434)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...
Scientific Linux Security Update : python on SL7.x x86_64 (20161103)
Security Fixes: - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional...
USN-3134-1: Python vulnerabilities | Cloud Foundry
USN-3134-1: Python vulnerabilities. Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04 LTS. Description: It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...
Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerabilities (USN-3134-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3134-1 advisory. It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this t...
USN-3134-1 python2.7, python3.2, python3.4, python3.5 vulnerabilities
It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environme...
USN-3134-1: Python vulnerabilities
It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environme...
Low: Red Hat Security Advisory: python security, bug fix, and enhancement update
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
python: Heap overflow in zipimporter module
A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution...
PSF-2016-7 zipimporter overflow
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
openSUSE Security Update : python (openSUSE-2016-906)
Python was updated to fix three security issues. The following vulnerabilities were fixed: - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636: zipimporter heap overflow (bsc#985177) - CVE-2016-5699: httplib header injection (bsc#985348) This update also includes all upstream bu...
Amazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)
It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flaw to inject additional headers in a Python application that allows user-provided header names or values. (CVE-2016-5699) It w...
Medium: python26, python27, python34
Issue Overview: It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flaw to inject additional headers in a Python application that allows user-provided header names or values...
Fedora 24 : python (2016-d5917e939e)
Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...
Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: - Heap overflow in zipimporter module (CVE-2016-5636). - HTTP header injection in urllib2/urllib/httplib/http.client (CVE-2016-5699). - smtplib StartTLS stripping attack (CVE-2016-0772)...
Python zipimport module heap overflow vulnerability
Python is an open source, object-oriented programming language. A security vulnerability in the 'zipimporter.get_data' function in Python's zipimport module allows remote attackers to cause a denial-of-service attack by exploiting the vulnerability to trigger an integer overflow and heap corruptio...
Internet Bug Bounty: Heapoverflow in zipimporter module
https://bugs.python.org/issue26171...