Download
| Alert*
|
oval:org.secpod.oval:def:1601210
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request oval:org.secpod.oval:def:118849 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:89002805 This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs . - Skip test for RECENT_DATE . oval:org.secpod.oval:def:67174 python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Python could be used to perform a CRLF injecti ... oval:org.secpod.oval:def:118795 Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:118792 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:119071 MinGW Windows python3 library. oval:org.secpod.oval:def:65713 The host is installed with Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle HTTP request method. Successful exploitation allows attacker to ca ... oval:org.secpod.oval:def:89043610 This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs . oval:org.secpod.oval:def:506088 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:89050310 This update for python fixes the following issues: - bsc#1177211 no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. oval:org.secpod.oval:def:506146 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:507012 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:505003 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:1505807 [2.7.5-92.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-92] - Security fix for CVE-2021-3177 Resolves: rhbz#1918168 [2.7.5-91] - Security fixes for CVE-2020-26116, CVE-2020-26137 and CVE-2022-0391 - Test fixes for the latest expat security release - Update the certific ... oval:org.secpod.oval:def:705696 python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Python could be used to perform a CRLF injecti ... oval:org.secpod.oval:def:73605 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:4501247 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1505250 python38 [3.8.6-3] - Security fix for CVE-2021-3177 Resolves: rhbz#1919161 [3.8.6-2] - Add support for upstream architecture names https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names Resolves: rhbz#1868006 [3.8.6-1] - Update to 3.8.6 - Security fix for CVE-2020-26116 python-req ... oval:org.secpod.oval:def:89000622 This update for python3 fixes the following issues: - bsc#1177211 no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. oval:org.secpod.oval:def:89000226 This update for python fixes the following issues: - bsc#1177211 no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. oval:org.secpod.oval:def:4501228 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:2500447 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:2003946 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. oval:org.secpod.oval:def:2106181 Oracle Solaris 11 - ( CVE-2020-26116 ) oval:org.secpod.oval:def:89000218 This update for python fixes the following issues: - CVE-2020-26116: Fixed CRLF injection via HTTP request method . oval:org.secpod.oval:def:73620 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:2500230 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:1505196 python2 [2.7.18-4.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [2.7.18-4] - Security fix for CVE-2021-3177 Resolves: rhbz#1919163 [2.7.18-3] - Fixes for bundling prefix=/app build in gimp/inkscape containers Resolves: rhbz#1907592 [2.7.18-2] - Security fix for CVE-2020-2611 ... oval:org.secpod.oval:def:1700636 A flaw was found in Python. The built-in modules httplib and http.client do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and in ... oval:org.secpod.oval:def:205960 Security Fix: python: CRLF injection via HTTP request method in httplib/http.client python-urllib3: CRLF injection via HTTP request method python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:2500404 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:506105 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:705928 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu ... oval:org.secpod.oval:def:1700646 A flaw was found in Python. The built-in modules httplib and http.client do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and in ... oval:org.secpod.oval:def:1504934 [3.6.8-37.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-37] - Fix for CVE-2021-23336 Resolves: rhbz#1928904 [3.6.8-36] - Fix for CVE-2021-3177 Resolves: rhbz#1918168 [3.6.8-35] - New options -a and -k for pathfix.py script backported from upstream Resolves: rhbz#19176 ... oval:org.secpod.oval:def:70554 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Linux ... oval:org.secpod.oval:def:1701887 An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities oval:org.secpod.oval:def:73592 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:504947 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:89047169 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:504961 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:89000166 This update for python36 fixes the following issues: Update to 3.6.12, including the following fixes: - Fixed a directory traversal in _download_http_url - Fixed CRLF injection via HTTP request method in httplib/http.client - Fixed possible infinite loop in specifically crafted tarball - Fixed a ... oval:org.secpod.oval:def:97568 [CLSA-2021:1633442879] Fixed CVEs in python: CVE-2020-8492, CVE-2020-27619, CVE-2018-20852, CVE-2020-26116 oval:org.secpod.oval:def:89000524 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... |
