Mageia alert MGASA-2019-0148 (python)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2019-0148: Updated python packages fix security vulnerability
Date: Thu, 11 Apr 2019 00:08:18 +0200
Message-ID: <20190410220818.D64FC9F8E0@duvel.mageia.org>

MGASA-2019-0148 - Updated python packages fix security vulnerability

Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0148.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-9636

Description:
A vulnerability was found in Python 2.x through 2.7.16. An improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization could lead to an Information Disclosure (credentials,
cookies, etc. that are cached against a given hostname) in the
urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than
when parsed correctly (CVE-2019-9636).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24640
- https://access.redhat.com/errata/RHSA-2019:0710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636

SRPMS:
- 6/core/python-2.7.15-1.3.mga6
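
A validation check for the parsing flaw described above, as an added example (not code from this advisory, Mageia, or the Python source): it flags any non-ASCII character in a URL's netloc whose NFKC form contains a URL delimiter, so the URL can be rejected before credentials or cookies are looked up by hostname. The function names and sample URLs are hypothetical, and the per-character test is a simplification chosen for this example.

```python
import unicodedata

URL_DELIMS = set("/?#@:")  # characters that separate URL components

def split_authority(url):
    """Return the raw authority (netloc) part of url, or '' if absent."""
    _, sep, rest = url.partition("://")
    if not sep:
        return ""
    cut = [i for i in (rest.find(d) for d in "/?#") if i != -1]
    return rest[:min(cut)] if cut else rest

def unsafe_netloc_chars(url):
    """Return (char, code point, NFKC form) for every non-ASCII authority
    character whose NFKC form contains a URL delimiter."""
    hits = []
    for ch in split_authority(url):
        if ord(ch) < 128:
            continue  # ASCII delimiters are already visible to the parser
        folded = unicodedata.normalize("NFKC", ch)
        if URL_DELIMS & set(folded):
            hits.append((ch, "U+%04X" % ord(ch), folded))
    return hits

# Constructed sample URLs (not taken from the advisory).
SAMPLES = [
    "https://user@example.com:8443/p?q#f",   # plain ASCII netloc
    "https://b\u00fccher.example/",          # ordinary non-ASCII hostname
    "https://a\u2100b.example/index",        # U+2100 folds to "a/c"
    "https://example\uff03.test/",           # U+FF03 folds to "#"
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = unsafe_netloc_chars(url)
        print("REJECT" if hits else "ok", ascii(url), hits)
```

Run the check on the URL exactly as received, before any normalization or IDNA encoding step, since it is the normalized form that moves the host boundary.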