Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2016-363-01
HistoryDec 28, 2016 - 9:09 p.m.

[slackware-security] python

2016-12-2821:09:54
Slackware Linux Project
www.slackware.com
127

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.289 Low

EPSS

Percentile

96.8%

JSON

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/python-2.7.13-i586-1_slack14.2.txz: Upgraded.
This release fixes security issues:
Issue #27850: Remove 3DES from ssl module’s default cipher list to counter
measure sweet32 attack (CVE-2016-2183).
Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode.
For more information, see:
https://vulners.com/cve/CVE-2016-2183
https://vulners.com/cve/CVE-2016-1000110
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.13-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.13-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.13-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.13-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.13-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.13-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.13-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.13-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
42ce2e2375725fd992c17b2afbe4960d python-2.7.13-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
0778e88748ade45fba4a7cbee1fd9eb5 python-2.7.13-x86_64-1_slack14.0.txz

Slackware 14.1 package:
4bee31bcfc23433f0a8b386bb64ad051 python-2.7.13-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
d7f9f71c4ad2ea100f9b96250171c670 python-2.7.13-x86_64-1_slack14.1.txz

Slackware 14.2 package:
efea4e1f1f61dfd221e5487ce9fa7864 python-2.7.13-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
84e945560483b28283d9f9ef3ef7f329 python-2.7.13-x86_64-1_slack14.2.txz

Slackware -current package:
0a28044f725982b3eaf647e530c9de85 d/python-2.7.13-i586-1.txz

Slackware x86_64 -current package:
67d18569672de5dd48e4dda2f7ce0e88 d/python-2.7.13-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg python-2.7.13-i586-1_slack14.2.txz

Related

openvas 30
nessus 38
osv 4
cve 3
f5 4
prion 3
fedora 6
veracode 3
amazon 1
mageia 1
redhatcve 2
ubuntucve 2
debiancve 1
checkpoint_advisories 1
ibm 60
attackerkb 1
cloudfoundry 2
alpinelinux 1
hackerone 7
redhat 11
oraclelinux 3
github 1
threatpost 2
openssl 1
centos 2
zdt 1
fortinet 1
exploitpack 1
packetstorm 1
ubuntu 2
symantec 1
seebug 1
exploitdb 1
openvas
openvas
Slackware: Security Advisory (SSA:2016-363-01)
2022-04-21 00:00:00
Python < 2.7.13, 3.3.x < 3.3.7, 3.4.x < 3.4.6, 3.5.x < 3.5.3 HTTPoxy attack (bpo-27568) - Mac OS X
2021-10-06 00:00:00
Fedora Update for python FEDORA-2016-9fd814a7f2
2016-08-12 00:00:00
nessus
nessus
Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2016-363-01) (httpoxy)
2016-12-29 00:00:00
Fedora 25 : python3 (2016-c843c68c77) (httpoxy)
2016-11-15 00:00:00
Fedora 23 : python (2016-970edb82d4) (httpoxy)
2016-08-24 00:00:00
osv
osv
CVE-2016-1000110
2019-11-27 17:15:14
HTTPoxy attack
2019-11-27 16:54:34
CVE-2016-2183
2016-09-01 00:59:00
cve
cve
CVE-2016-1000110
2019-11-27 17:15:00
CVE-2016-2183
2016-09-01 00:59:00
CVE-2023-0296
2023-01-17 21:15:15
f5
f5
K75004031 : Python vulnerability CVE-2016-1000110
2016-07-26 00:00:00
SOL75004031 - Python vulnerability CVE-2016-1000110
2016-07-26 00:00:00
SOL13167034 - OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
prion
prion
Design/Logic Flaw
2019-11-27 17:15:00
Design/Logic Flaw
2016-09-01 00:59:00
Design/Logic Flaw
2023-01-17 21:15:00
fedora
fedora
[SECURITY] Fedora 23 Update: python-2.7.11-8.fc23
2016-08-23 15:25:34
[SECURITY] Fedora 24 Update: python3-3.5.1-13.fc24
2016-08-11 21:56:25
[SECURITY] Fedora 25 Update: python-2.7.12-3.fc25
2016-08-27 11:43:43
veracode
veracode
Open Redirection
2019-05-02 05:46:32
Information Disclosure
2017-01-09 02:06:31
Weak Encryption
2019-01-15 09:15:57
amazon
amazon
Medium: python34, python27, python26
2016-09-01 18:00:00
mageia
mageia
Updated python3/python packages fix security vulnerability
2016-08-31 20:34:12
redhatcve
redhatcve
CVE-2016-1000110
2016-07-18 14:48:57
CVE-2023-0296
2023-01-16 14:05:12
ubuntucve
ubuntucve
CVE-2016-1000110
2016-07-25 00:00:00
CVE-2016-2183
2016-08-31 00:00:00
debiancve
debiancve
CVE-2016-1000110
2019-11-27 17:15:00
checkpoint_advisories
checkpoint_advisories
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183)
2018-06-17 15:38:47
Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183)
2018-06-17 15:38:05
Security Bulletin: GSKit Sweet32: Birthday attacks in IBM Content Collector for Microsoft SharePoint
2018-06-17 12:17:39
attackerkb
attackerkb
CVE-2016-2183
2016-09-01 00:00:00
cloudfoundry
cloudfoundry
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
2019-10-24 00:00:00
USN-3134-1: Python vulnerabilities | Cloud Foundry
2016-12-14 00:00:00
alpinelinux
alpinelinux
CVE-2016-2183
2016-09-01 00:59:00
hackerone
hackerone
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
Udemy: sweet32
2017-03-31 12:18:22
Yelp: Yelp.com is vulnerable to SWEET32 attack
2017-01-18 17:43:32
redhat
redhat
(RHSA-2019:2859) Moderate: OpenShift Container Platform 4.1.18 security update
2019-09-27 00:13:12
(RHSA-2019:1245) Moderate: Red Hat Quay 3.0.2 security and bug fix update
2019-05-20 14:11:05
(RHSA-2020:3842) Moderate: OpenShift Container Platform 4.5.13 openshift-enterprise-console-container security update
2020-09-30 23:59:28
oraclelinux
oraclelinux
python security update
2018-07-03 00:00:00
python security update
2016-08-18 00:00:00
python security, bug fix, and enhancement update
2016-11-09 00:00:00
github
github
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
threatpost
threatpost
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
2016-08-24 08:00:39
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2183
2016-08-24 00:00:00
centos
centos
python, tkinter security update
2018-07-13 16:28:09
python, tkinter security update
2016-08-18 17:23:01
zdt
zdt
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
2017-05-31 00:00:00
fortinet
fortinet
Protect
2019-02-07 00:00:00
exploitpack
exploitpack
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
2017-05-30 00:00:00
packetstorm
packetstorm
IBM Informix Dynamic Server DLL Injection / Code Execution
2017-05-31 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2017-04-27 00:00:00
Python vulnerabilities
2016-11-22 00:00:00
symantec
symantec
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
2016-12-22 08:00:00
seebug
seebug
IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)
2017-05-24 00:00:00
exploitdb
exploitdb
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
2017-05-30 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.289 Low

EPSS

Percentile

96.8%

JSON
Related for SSA-2016-363-01
openvas30nessus38osv4cve3f54prion3fedora6veracode3amazon1mageia1redhatcve2ubuntucve2debiancve1checkpoint_advisories1ibm60attackerkb1cloudfoundry2alpinelinux1hackerone7redhat11oraclelinux3github1threatpost2openssl1centos2zdt1fortinet1exploitpack1packetstorm1ubuntu2symantec1seebug1exploitdb1