python: proxy injection

Package(s):

python

CVE #(s):

CVE-2016-1000110

Created:

August 12, 2016

Updated:

August 22, 2016

Description:

From the Red Hat bugzilla entry:

Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTP_PROXY” environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attackers original request can be redirected to an attacker controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service.

Alerts:

Mageia	MGASA-2016-0296	python3/python	2016-08-31
Fedora	FEDORA-2016-970edb82d4	python	2016-08-23
Scientific Linux	SLSA-2016:1626-1	python	2016-08-19
openSUSE	openSUSE-SU-2016:2120-1	python3	2016-08-19
CentOS	CESA-2016:1626	python	2016-08-18
CentOS	CESA-2016:1626	python	2016-08-18
Oracle	ELSA-2016-1626	python	2016-08-18
Oracle	ELSA-2016-1626	python	2016-08-18
Red Hat	RHSA-2016:1627-01	rh-python35-python	2016-08-18
Red Hat	RHSA-2016:1630-01	rh-python34-python	2016-08-18
Red Hat	RHSA-2016:1629-01	python33-python	2016-08-18
Red Hat	RHSA-2016:1628-01	python27-python	2016-08-18
Red Hat	RHSA-2016:1626-01	python	2016-08-18
Fedora	FEDORA-2016-604616dc33	python3	2016-08-18
Fedora	FEDORA-2016-2c324d0670	python3	2016-08-11
Fedora	FEDORA-2016-9fd814a7f2	python	2016-08-11
Slackware	SSA:2016-363-01	python	2016-12-28
Ubuntu	USN-3134-1	python2.7, python3.2, python3.4, python3.5	2016-11-22