Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891834
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for python2.7 (DLA-1834-1)
Summary:The remote host is missing an update for the 'python2.7'; package(s) announced via the DLA-1834-1 advisory.
Description:Summary:
The remote host is missing an update for the 'python2.7'
package(s) announced via the DLA-1834-1 advisory.

Vulnerability Insight:
Multiple vulnerabilities were discovered in Python, an interactive
high-level object-oriented language, including

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash
salt during initialization. This could make it easy to conduct
denial of service attacks against Expat by constructing an XML
document that would cause pathological hash collisions in Expat's
internal data structures, consuming large amounts CPU and RAM.

CVE-2019-5010

NULL pointer dereference using a specially crafted X509 certificate.

CVE-2019-9636

Improper Handling of Unicode Encoding (with an incorrect netloc)
during NFKC normalization resulting in information disclosure
(credentials, cookies, etc. that are cached against a given
hostname). A specially crafted URL could be incorrectly parsed to
locate cookies or authentication data and send that information to
a different host than when parsed correctly.

CVE-2019-9740

An issue was discovered in urllib2 where CRLF injection is possible
if the attacker controls a url parameter, as demonstrated by the
first argument to urllib.request.urlopen with \r\n (specifically in
the query string after a ? character) followed by an HTTP header or
a Redis command.

CVE-2019-9947

An issue was discovered in urllib2 where CRLF injection is possible
if the attacker controls a url parameter, as demonstrated by the
first argument to urllib.request.urlopen with \r\n (specifically in
the path component of a URL that lacks a ? character) followed by an
HTTP header or a Redis command. This is similar to the CVE-2019-9740
query string issue.

CVE-2019-9948

urllib supports the local_file: scheme, which makes it easier for
remote attackers to bypass protection mechanisms that blacklist
file: URIs, as demonstrated by triggering a
urllib.urlopen('local_file:///etc/passwd') call.

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered which still
allows an attacker to exploit CVE-2019-9636 by abusing the user and
password parts of a URL. When an application parses user-supplied
URLs to store cookies, authentication credentials, or other kind of
information, it is possible for an attacker to provide specially
crafted URLs to make the application locate host-related information
(e.g. cookies, authentication data) and send them to a different
host than where it should, unlike if the URLs had been correctly
parsed. The result of an attack may vary based on the application.

Affected Software/OS:
'python2.7' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
2.7.9-2+deb8u3.

We recommend that you upgrade your python2.7 packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-5010
https://security.gentoo.org/glsa/202003-26
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
RedHat Security Advisories: RHSA-2019:3520
https://access.redhat.com/errata/RHSA-2019:3520
RedHat Security Advisories: RHSA-2019:3725
https://access.redhat.com/errata/RHSA-2019:3725
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9636
BugTraq ID: 107400
http://www.securityfocus.com/bid/107400
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/
https://bugs.python.org/issue36216
https://github.com/python/cpython/pull/12201
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
RedHat Security Advisories: RHBA-2019:0763
https://access.redhat.com/errata/RHBA-2019:0763
RedHat Security Advisories: RHBA-2019:0764
https://access.redhat.com/errata/RHBA-2019:0764
RedHat Security Advisories: RHBA-2019:0959
https://access.redhat.com/errata/RHBA-2019:0959
RedHat Security Advisories: RHSA-2019:0710
https://access.redhat.com/errata/RHSA-2019:0710
RedHat Security Advisories: RHSA-2019:0765
https://access.redhat.com/errata/RHSA-2019:0765
RedHat Security Advisories: RHSA-2019:0806
https://access.redhat.com/errata/RHSA-2019:0806
RedHat Security Advisories: RHSA-2019:0902
https://access.redhat.com/errata/RHSA-2019:0902
RedHat Security Advisories: RHSA-2019:0981
https://access.redhat.com/errata/RHSA-2019:0981
RedHat Security Advisories: RHSA-2019:0997
https://access.redhat.com/errata/RHSA-2019:0997
RedHat Security Advisories: RHSA-2019:1467
https://access.redhat.com/errata/RHSA-2019:1467
RedHat Security Advisories: RHSA-2019:2980
https://access.redhat.com/errata/RHSA-2019:2980
RedHat Security Advisories: RHSA-2019:3170
https://access.redhat.com/errata/RHSA-2019:3170
SuSE Security Announcement: openSUSE-SU-2019:1273 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html
SuSE Security Announcement: openSUSE-SU-2019:1282 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html
SuSE Security Announcement: openSUSE-SU-2019:1371 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html
SuSE Security Announcement: openSUSE-SU-2019:1580 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html
SuSE Security Announcement: openSUSE-SU-2019:1906 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
https://usn.ubuntu.com/4127-1/
https://usn.ubuntu.com/4127-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9740
BugTraq ID: 107466
http://www.securityfocus.com/bid/107466
Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search)
https://seclists.org/bugtraq/2019/Oct/29
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
https://bugs.python.org/issue36276
https://lists.debian.org/debian-lts-announce/2019/06/msg00026.html
http://www.openwall.com/lists/oss-security/2021/02/04/2
RedHat Security Advisories: RHSA-2019:1260
https://access.redhat.com/errata/RHSA-2019:1260
RedHat Security Advisories: RHSA-2019:2030
https://access.redhat.com/errata/RHSA-2019:2030
RedHat Security Advisories: RHSA-2019:3335
https://access.redhat.com/errata/RHSA-2019:3335
SuSE Security Announcement: openSUSE-SU-2019:2131 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
SuSE Security Announcement: openSUSE-SU-2019:2133 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9947
https://bugs.python.org/issue35906
SuSE Security Announcement: openSUSE-SU-2019:2389 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html
SuSE Security Announcement: openSUSE-SU-2019:2393 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9948
BugTraq ID: 107549
http://www.securityfocus.com/bid/107549
https://bugs.python.org/issue35907
https://github.com/python/cpython/pull/11842
https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html
RedHat Security Advisories: RHSA-2019:1700
https://access.redhat.com/errata/RHSA-2019:1700
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.