CVE-2019-9636

CVSS 9.8 - CRITICAL
  Attack vector: NETWORK
  Attack complexity: LOW
  Privileges required: NONE
  Confidentiality impact: HIGH
  Integrity impact: HIGH
  Availability impact: HIGH

Summary

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
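The failure mode in the summary is that a netloc which contains no URL delimiter before normalization can contain one after NFKC normalization, so a consumer that normalizes (IDNA does) sees a different host than the one urlsplit() reported. The defensive check below is an added example, not code from this page and not CPython's own urllib; it is modelled on the approach the upstream fix takes (strip the delimiters already present, NFKC-normalize the rest, refuse the URL if normalization introduces a new one). The function names and the sample URLs are constructed for this illustration; U+2100 is used because its documented compatibility mapping is the three characters "a/c".

```python
import unicodedata
from urllib.parse import urlsplit, SplitResult

# URL delimiters that must not appear in a netloc *only after* NFKC
# normalization: any of them would move the host boundary.
NETLOC_DELIMITERS = "/?#@:"


def raw_netloc(url: str) -> str:
    """Return the authority part of an absolute URL without normalizing it.

    The netloc runs from the '://' up to the first '/', '?' or '#'.
    """
    scheme_end = url.find("://")
    if scheme_end == -1:
        return ""
    rest = url[scheme_end + 3:]
    end = len(rest)
    for delimiter in "/?#":
        pos = rest.find(delimiter)
        if pos != -1:
            end = min(end, pos)
    return rest[:end]


def nfkc_introduced_delimiters(netloc: str) -> set:
    """Return the delimiter characters that NFKC normalization would add.

    Delimiters already present (e.g. the ':' and '@' of user:pass@host)
    are removed first so that only *new* ones are reported; this also
    covers the userinfo part, which the regression CVE-2019-10160 concerned.
    An empty set means the netloc keeps its boundaries under normalization.
    """
    if netloc.isascii():            # ASCII is unchanged by NFKC
        return set()
    stripped = netloc
    for delimiter in NETLOC_DELIMITERS:
        stripped = stripped.replace(delimiter, "")
    normalized = unicodedata.normalize("NFKC", stripped)
    if normalized == stripped:
        return set()
    return {c for c in NETLOC_DELIMITERS if c in normalized}


def safe_urlsplit(url: str) -> SplitResult:
    """urlsplit() preceded by an explicit NFKC check on the raw netloc.

    Raises ValueError instead of returning a result whose host could be
    read differently by a component that normalizes the URL.
    """
    introduced = nfkc_introduced_delimiters(raw_netloc(url))
    if introduced:
        raise ValueError(
            "netloc of %r gains %s under NFKC normalization"
            % (url, "".join(sorted(introduced)))
        )
    return urlsplit(url)


def is_safe_url(url: str) -> bool:
    """Boolean form of safe_urlsplit(), convenient for input validation."""
    try:
        safe_urlsplit(url)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs for this illustration.
    samples = [
        "https://example.com/path",
        "https://b\u00fccher.example/",                            # non-ASCII, stable under NFKC
        "https://\uff45\uff58\uff41\uff4d\uff50\uff4c\uff45.com/",  # fullwidth letters, no new delimiter
        "https://\u2100example.com/",                              # U+2100 normalizes to 'a/c'
        "https://user:p\u2100ss@example.com/",                     # same expansion inside userinfo
    ]
    for sample in samples:
        try:
            print("ok      ", safe_urlsplit(sample).netloc)
        except ValueError as err:
            print("rejected", err)
```

The fullwidth sample is deliberately included as a counterexample: the netloc does change under NFKC, but no delimiter appears, so the host boundary is stable and the URL is accepted. On an interpreter that already carries the upstream fix, urlsplit() itself raises ValueError for the two U+2100 samples; running the check on the raw netloc first gives the same answer on every interpreter version and produces a message that names the characters involved.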

Vulnerable Configurations

Part         Description     Count
Application  Python            269
Application  Redhat              2
Application  Oracle              1
OS           Fedoraproject       4
OS           Opensuse            3
OS           Debian              2
OS           Canonical           5
OS           Redhat             19

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0302-1.NASL
    description: This update for python36 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133448
    published: 2020-02-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133448
    title: SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0302-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133448);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/06");
    
      script_cve_id("CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947");
    
      script_name(english:"SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python36 to version 3.6.10 fixes the following 
    issues :
    
    CVE-2017-18207: Fixed a denial of service in
    Wave_read._read_fmt_chunk() (bsc#1083507).
    
    CVE-2019-16056: Fixed an issue where email parsing could fail for
    multiple @ signs (bsc#1149955).
    
    CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat
    (bsc#1149429).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1081750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=709442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=951166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1000802/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1060/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20852/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10160/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15903/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5010/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9947/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?68a41617"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP5 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debugsource-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debugsource-3.6.10-4.3.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python36");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-B06EC6159B.NASL
    description: Python 3.5 has now entered
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130793
    published: 2019-11-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130793
    title: Fedora 30 : python35 (2019-b06ec6159b)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-6B02154AA0.NASL
    description: Last upstream Python 3.4 security release, 3.4.10. Security fix for CVE-2019-9636, CVE-2019-5010, CVE-2018-20406. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123475
    published: 2019-03-29
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123475
    title: Fedora 29 : python34 (2019-6b02154aa0)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1834.NASL
    description: Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126222
    published: 2019-06-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126222
    title: Debian DLA-1834-1 : python2.7 security update
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3170.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130155
    published: 2019-10-23
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130155
    title: RHEL 7 : python (RHSA-2019:3170)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1149.NASL
    description: According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-04-02
    plugin id: 123623
    published: 2019-04-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123623
    title: EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1149)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-243442E600.NASL
    description: Security fix for CVE-2019-9636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123099
    published: 2019-03-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123099
    title: Fedora 29 : python3 (2019-243442e600)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1282.NASL
    description: This update for python3 fixes the following issues : Security issue fixed : - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124356
    published: 2019-04-29
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124356
    title: openSUSE Security Update : python3 (openSUSE-2019-1282)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1230.NASL
    description: A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities. (CVE-2019-5010) Python 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) A flaw was found in the way catastrophic backtracking was implemented in python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126383
    published: 2019-07-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126383
    title: Amazon Linux 2 : python (ALAS-2019-1230)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-7D9F3CF3CE.NASL
    description: Last upstream Python 3.4 security release, 3.4.10. Security fix for CVE-2019-9636, CVE-2019-5010, CVE-2018-20406. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124511
    published: 2019-05-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124511
    title: Fedora 30 : python34 (2019-7d9f3cf3ce)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1258.NASL
    description: A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127462
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127462
    title: Amazon Linux 2 : python (ALAS-2019-1258)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0160_PYTHON.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by a vulnerability: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127440
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127440
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : python Vulnerability (NS-SA-2019-0160)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190408_PYTHON_ON_SL7_X.NASL
    description: Security Fix(es) : - python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
    last seen: 2020-03-18
    modified: 2019-04-09
    plugin id: 123917
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123917
    title: Scientific Linux Security Update : python on SL7.x x86_64 (20190408)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2064-1.NASL
    description: This update for python fixes the following issues : Security issue fixed : CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127770
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127770
    title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:2064-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-26.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-26 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly perform a CRLF injection attack, obtain sensitive information, trick Python into sending cookies to the wrong domain or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-19
    modified: 2020-03-16
    plugin id: 134603
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134603
    title: GLSA-202003-26 : Python: Multiple vulnerabilities
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0166_PYTHON.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.05, has python packages installed that are affected by a vulnerability: - It was discovered that python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127453
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127453
    title: NewStart CGSL MAIN 4.05 : python Vulnerability (NS-SA-2019-0166)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4127-1.NASL
    description: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain URLs. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist mechanisms. (CVE-2019-9948). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128631
    published: 2019-09-10
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128631
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1259.NASL
    description: A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127463
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127463
    title: Amazon Linux 2 : python3 (ALAS-2019-1259)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1771.NASL
    description: According to the version of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2019-07-25
    plugin id: 127008
    published: 2019-07-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127008
    title: EulerOS 2.0 SP8 : python2 (EulerOS-SA-2019-1771)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1337.NASL
    description: According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib
    last seen: 2020-05-06
    modified: 2019-05-06
    plugin id: 124623
    published: 2019-05-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124623
    title: EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0997.NASL
    description: An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provides the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124673
    published: 2019-05-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124673
    title: RHEL 8 : python3 (RHSA-2019:0997)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6BAEB15DA3.NASL
    descriptionLast upstream Python 3.4 security release, 3.4.10. Security fix for CVE-2019-9636, CVE-2019-5010, CVE-2018-20406. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123476
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123476
    titleFedora 28 : python34 (2019-6baeb15da3)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-5DC275C9F2.NASL
    descriptionFix CVE-2019-16056 (rhbz#1750457) ---- Fix CVE-2019-10160 (rhbz#1718867) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129029
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129029
    titleFedora 29 : python34 (2019-5dc275c9f2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14018-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id124084
    published2019-04-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124084
    titleSUSE SLES11 Security Update : python (SUSE-SU-2019:14018-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1124.NASL
    descriptionAccording to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123598
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123598
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-1124)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1204.NASL
    descriptionPython 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636) Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a
    last seen2020-06-01
    modified2020-06-02
    plugin id124594
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124594
    titleAmazon Linux 2 : python3 (ALAS-2019-1204)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1587.NASL
    descriptionFrom Red Hat Security Advisory 2019:1587 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126142
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126142
    titleOracle Linux 7 : python (ELSA-2019-1587)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9BFB4A3E4B.NASL
    description[Python 3.7.4](https://www.python.org/downloads/release/python-374/) is the fourth and most recent maintenance release of Python 3.7. [Changelog for final](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final), [3.7.4 release candidate 2](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-release-candidate-2) and [3.7.4 release candidate 1](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-release-candidate-1). Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127105
    published2019-07-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127105
    titleFedora 30 : python3 / python3-docs (2019-9bfb4a3e4b)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1324.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740) urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id131244
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131244
    titleAmazon Linux AMI : python34 (ALAS-2019-1324)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2050-1.NASL
    descriptionThis update for python3 fixes the following issues : Security issue fixed : CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127766
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127766
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2019:2050-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1277.NASL
    descriptionAccording to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123745
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123745
    titleEulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1277)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190620_PYTHON_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)
    last seen2020-03-18
    modified2019-06-24
    plugin id126145
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126145
    titleScientific Linux Security Update : python on SL7.x x86_64 (20190620)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1258.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id127814
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127814
    titleAmazon Linux AMI : python27 (ALAS-2019-1258)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1434.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id124937
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124937
    titleEulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0061_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-06-01
    modified2020-06-02
    plugin id127255
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127255
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0061)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D202CDA4F8.NASL
    descriptionPython 3.5 has now entered
    last seen2020-06-01
    modified2020-06-02
    plugin id130797
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130797
    titleFedora 29 : python35 (2019-d202cda4f8)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0961-1.NASL
    descriptionThis update for python3 fixes the following issues : Security issue fixed : CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124113
    published2019-04-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124113
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:0961-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-60A1DEFCD1.NASL
    description[Python 3.7.4](https://www.python.org/downloads/release/python-374/) is the fourth and most recent maintenance release of Python 3.7. [Changelog for final](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final), [3.7.4 release candidate 2](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-release-candidate-2) and [3.7.4 release candidate 1](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-release-candidate-1). Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127514
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127514
    titleFedora 29 : python3 / python3-docs (2019-60a1defcd1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1866.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-05-08
    modified2019-09-17
    plugin id128918
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128918
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-1866)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1906.NASL
    descriptionThis update for python fixes the following issues : Security issue fixed : - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id127998
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127998
    titleopenSUSE Security Update : python (openSUSE-2019-1906)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1467.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126074
    published2019-06-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126074
    titleCentOS 6 : python (CESA-2019:1467)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1587.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126089
    published2019-06-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126089
    titleRHEL 7 : python (RHSA-2019:1587)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0971-1.NASL
    descriptionThis update for python3 fixes the following issues : Security issue fixed : CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124148
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124148
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2019:0971-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6E1938A3C5.NASL
    descriptionSecurity update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123140
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123140
    titleFedora 29 : python35 (2019-6e1938a3c5)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1371.NASL
    descriptionThis update for python3 fixes the following issues : Security issue fixed : - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id124848
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124848
    titleopenSUSE Security Update : python3 (openSUSE-2019-1371)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190613_PYTHON_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
    last seen2020-03-18
    modified2019-06-14
    plugin id125916
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125916
    titleScientific Linux Security Update : python on SL6.x i386/x86_64 (20190613)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1202.NASL
    descriptionPython is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) Modules/_pickle.c in Python has an integer overflow via a large LONG_BINPUT value that is mishandled during a
    last seen2020-06-01
    modified2020-06-02
    plugin id124655
    published2019-05-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124655
    titleAmazon Linux AMI : python34 (ALAS-2019-1202)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1273.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : - CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id124310
    published2019-04-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124310
    titleopenSUSE Security Update : python (openSUSE-2019-1273)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-86F32CBAB1.NASL
    descriptionSecurity fix for CVE-2019-9636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123762
    published2019-04-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123762
    titleFedora 28 : python3 (2019-86f32cbab1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-57462FA10D.NASL
    descriptionPython 3.5 has now entered
    last seen2020-06-01
    modified2020-06-02
    plugin id130784
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130784
    titleFedora 31 : python35 (2019-57462fa10d)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7DF59302E0.NASL
    descriptionUpdate Python 3.6 to [3.6.9](https://www.python.org/downloads/release/python-369/), the latest security release of the 3.6 branch. [Changelog for 3.6.9 final](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final) and [3.6.9 release candidate 1](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-release-candidate-1). Includes security fixes for CVE-2019-9636, CVE-2019-9740, CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126659
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126659
    titleFedora 29 : python36 (2019-7df59302e0)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0163_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127446
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127446
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2019-0163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0997.NASL
    descriptionFrom Red Hat Security Advisory 2019:0997 : An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provides the
    last seen2020-06-01
    modified2020-06-02
    plugin id127576
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127576
    titleOracle Linux 8 : python3 (ELSA-2019-0997)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A122FE704D.NASL
    descriptionSecurity fix for CVE-2019-9636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124524
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124524
    titleFedora 30 : python3 (2019-a122fe704d)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2980.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129742
    published: 2019-10-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129742
    title: RHEL 7 : python (RHSA-2019:2980)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2437.NASL
    description: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127986
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127986
    title: RHEL 7 : Virtualization Manager (RHSA-2019:2437)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0981.NASL
    description: An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) * python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164) * python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-05-23
    modified: 2019-05-07
    plugin id: 124668
    published: 2019-05-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124668
    title: RHEL 8 : python27:2.7 (RHSA-2019:0981)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2091-1.NASL
    description: This update for python fixes the following issues: CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation (bsc#1141853). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127783
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127783
    title: SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:2091-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0234-1.NASL
    description: This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133259
    published: 2020-01-27
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133259
    title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-EC26883852.NASL
    description: Security fix for CVE-2019-9740 and CVE-2019-9947. Fix a regression introduced by the fix for CVE-2019-9636. Add manual page link for python3.7m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125434
    published: 2019-05-28
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125434
    title: Fedora 29 : python3 (2019-ec26883852)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1439-1.NASL
    description: This update for python fixes the following issues: Security issues fixed: CVE-2019-9948: Fixed a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125764
    published: 2019-06-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125764
    title: SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:1439-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0972-1.NASL
    description: This update for python fixes the following issues: Security issues fixed: CVE-2019-9948: Fixed a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124149
    published: 2019-04-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124149
    title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:0972-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2019.NASL
    description: According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen: 2020-05-08
    modified: 2019-09-24
    plugin id: 129212
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129212
    title: EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2019)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-0710.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124033
    published: 2019-04-15
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124033
    title: CentOS 7 : python (CESA-2019:0710)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0114-1.NASL
    description: This update for python3 to version 3.6.10 fixes the following issues: CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133036
    published: 2020-01-17
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133036
    title: SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-51F1E08207.NASL
    description: Security update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124492
    published: 2019-05-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124492
    title: Fedora 30 : python35 (2019-51f1e08207)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1778.NASL
    description: According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2019-07-25
    plugin id: 127015
    published: 2019-07-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127015
    title: EulerOS 2.0 SP8 : python3 (EulerOS-SA-2019-1778)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-1FFD6B6064.NASL
    description: Security fix for CVE-2019-9740 and CVE-2019-9947. Fix a regression introduced by the fix for CVE-2019-9636. Add manual page link for python3.7m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125229
    published: 2019-05-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125229
    title: Fedora 30 : python3 (2019-1ffd6b6064)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1934.NASL
    description: According to the version of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128937
    published: 2019-09-17
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128937
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2019-1934)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-1587.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126219
    published: 2019-06-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126219
    title: CentOS 7 : python (CESA-2019:1587)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-1467.NASL
    description: From Red Hat Security Advisory 2019:1467: An update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125914
    published: 2019-06-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125914
    title: Oracle Linux 6 : python (ELSA-2019-1467)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1403.NASL
    description: According to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) - python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. (CVE-2018-1061) - python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib
    last seen: 2020-04-16
    modified: 2019-05-14
    plugin id: 124906
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124906
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-CF725DD20B.NASL
    description: Security update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123480
    published: 2019-03-29
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123480
    title: Fedora 28 : python35 (2019-cf725dd20b)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-86.NASL
    description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133172
    published: 2020-01-22
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133172
    title: openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2053-1.NASL
    description: This update for python3 fixes the following issues: CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127768
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127768
    title: SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2053-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0710.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123915
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123915
    title: RHEL 7 : python (RHSA-2019:0710)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-2B1F72899A.NASL
    description: Fix CVE-2019-16056 (rhbz#1750457) ---- Fix CVE-2019-10160 (rhbz#1718867) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129027
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129027
    title: Fedora 30 : python34 (2019-2b1f72899a)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-0981.NASL
    description: From Red Hat Security Advisory 2019:0981: An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) * python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164) * python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127571
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127571
    title: Oracle Linux 8 : python27:2.7 (ELSA-2019-0981)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2053-2.NASL
    description: This update for python3 fixes the following issues: CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128019
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128019
    title: SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1797.NASL
    description: According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-08-23
    plugin id: 128089
    published: 2019-08-23
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128089
    title: EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1797)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2019-1243.NASL
    description: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740, CVE-2019-9947) Python 2.7.x and 3.x are affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127071
    published: 2019-07-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127071
    title: Amazon Linux AMI : python35 (ALAS-2019-1243)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-0710.NASL
    description: From Red Hat Security Advisory 2019:0710: An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123960
    published: 2019-04-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123960
    title: Oracle Linux 7 : python (ELSA-2019-0710)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2019-1230.NASL
    description: Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) An issue was discovered in urllib2 in Python 2.x through 2.7.16. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740) An issue was discovered in urllib2 in Python 2.x through 2.7.16. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. (CVE-2019-9947)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126346
    published: 2019-07-01
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126346
    title: Amazon Linux AMI : python27 (ALAS-2019-1230)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1204.NASL
    descriptionPython is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) An issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. (CVE-2019-9740) An issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. (CVE-2019-9947)
    last seen2020-06-01
    modified2020-06-02
    plugin id125604
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125604
    titleAmazon Linux AMI : python36 (ALAS-2019-1204)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7723D4774A.NASL
    descriptionUpdate Python 3.6 to [3.6.9](https://www.python.org/downloads/release/python-369/), the latest security release of the 3.6 branch. [Changelog for 3.6.9 final](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final) and [3.6.9 release candidate 1](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-release-candidate-1). Includes security fixes for CVE-2019-9636, CVE-2019-9740, CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126658
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126658
    titleFedora 30 : python36 (2019-7723d4774a)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1259.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160)
    last seen2020-06-01
    modified2020-06-02
    plugin id127815
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127815
    titleAmazon Linux AMI : python34 / python35,python36 (ALAS-2019-1259)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0174_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has python packages installed that are affected by a vulnerability: - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id128700
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128700
    titleNewStart CGSL MAIN 4.06 : python Vulnerability (NS-SA-2019-0174)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1580.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : - CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id126041
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126041
    titleopenSUSE Security Update : python (openSUSE-2019-1580)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1467.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125915
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125915
    titleRHEL 6 : python (RHSA-2019:1467)

Redhat

advisories
  • bugzilla
    id1688543
    titleCVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentpython-tools is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710001
          • commentpython-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554008
        • AND
          • commentpython-test is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710003
          • commentpython-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554006
        • AND
          • commentpython-debug is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710005
          • commentpython-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152101008
        • AND
          • commentpython-devel is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710007
          • commentpython-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554010
        • AND
          • commenttkinter is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710009
          • commenttkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554004
        • AND
          • commentpython-libs is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710011
          • commentpython-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554014
        • AND
          • commentpython is earlier than 0:2.7.5-77.el7_6
            ovaloval:com.redhat.rhsa:tst:20190710013
          • commentpython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554012
    rhsa
    idRHSA-2019:0710
    released2019-04-08
    severityImportant
    titleRHSA-2019:0710: python security update (Important)
  • bugzilla
    id1688543
    titleCVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule python27:2.7 is enabled
        ovaloval:com.redhat.rhsa:tst:20190981121
      • OR
        • AND
          • commentpython2-tools is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981001
          • commentpython2-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981002
        • AND
          • commentpython2-tkinter is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981003
          • commentpython2-tkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981004
        • AND
          • commentpython2-test is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981005
          • commentpython2-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981006
        • AND
          • commentpython2-sqlalchemy is earlier than 0:1.3.2-1.module+el8.0.0+2974+76d21d2e
            ovaloval:com.redhat.rhsa:tst:20190981007
          • commentpython2-sqlalchemy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981008
        • AND
          • commentpython2-scipy is earlier than 0:1.0.0-19.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981009
          • commentpython2-scipy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981010
        • AND
          • commentpython2-pyyaml is earlier than 0:3.12-16.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981011
          • commentpython2-pyyaml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981012
        • AND
          • commentpython2-pymongo-gridfs is earlier than 0:3.6.1-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981013
          • commentpython2-pymongo-gridfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981014
        • AND
          • commentpython2-pymongo is earlier than 0:3.6.1-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981015
          • commentpython2-pymongo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981016
        • AND
          • commentpython2-psycopg2-tests is earlier than 0:2.7.5-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981017
          • commentpython2-psycopg2-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981018
        • AND
          • commentpython2-psycopg2-debug is earlier than 0:2.7.5-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981019
          • commentpython2-psycopg2-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981020
        • AND
          • commentpython2-psycopg2 is earlier than 0:2.7.5-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981021
          • commentpython2-psycopg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981022
        • AND
          • commentpython2-numpy-f2py is earlier than 1:1.14.2-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981023
          • commentpython2-numpy-f2py is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981024
        • AND
          • commentpython2-numpy is earlier than 1:1.14.2-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981025
          • commentpython2-numpy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981026
        • AND
          • commentpython2-markupsafe is earlier than 0:0.23-19.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981027
          • commentpython2-markupsafe is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981028
        • AND
          • commentpython2-lxml is earlier than 0:4.2.3-3.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981029
          • commentpython2-lxml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981030
        • AND
          • commentpython2-libs is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981031
          • commentpython2-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981032
        • AND
          • commentpython2-devel is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981033
          • commentpython2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981034
        • AND
          • commentpython2-debugsource is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981035
          • commentpython2-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981036
        • AND
          • commentpython2-debug is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981037
          • commentpython2-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981038
        • AND
          • commentpython2-coverage is earlier than 0:4.5.1-4.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981039
          • commentpython2-coverage is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981040
        • AND
          • commentpython2-bson is earlier than 0:3.6.1-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981041
          • commentpython2-bson is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981042
        • AND
          • commentpython2-backports is earlier than 0:1.0-15.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981043
          • commentpython2-backports is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981044
        • AND
          • commentpython2-Cython is earlier than 0:0.28.1-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981045
          • commentpython2-Cython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981046
        • AND
          • commentpython2 is earlier than 0:2.7.15-22.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981047
          • commentpython2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981048
        • AND
          • commentpython-psycopg2-doc is earlier than 0:2.7.5-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981049
          • commentpython-psycopg2-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981050
        • AND
          • commentpython2-wheel is earlier than 1:0.30.0-13.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981051
          • commentpython2-wheel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981052
        • AND
          • commentpython2-virtualenv is earlier than 0:15.1.0-18.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981053
          • commentpython2-virtualenv is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981054
        • AND
          • commentpython2-urllib3 is earlier than 0:1.23-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981055
          • commentpython2-urllib3 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981056
        • AND
          • commentpython2-six is earlier than 0:1.11.0-5.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981057
          • commentpython2-six is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981058
        • AND
          • commentpython2-setuptools_scm is earlier than 0:1.15.7-6.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981059
          • commentpython2-setuptools_scm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981060
        • AND
          • commentpython2-setuptools is earlier than 0:39.0.1-11.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981061
          • commentpython2-setuptools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981062
        • AND
          • commentpython2-rpm-macros is earlier than 0:3-38.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981063
          • commentpython2-rpm-macros is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981064
        • AND
          • commentpython2-requests is earlier than 0:2.20.0-2.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981065
          • commentpython2-requests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981066
        • AND
          • commentpython2-pytz is earlier than 0:2017.2-12.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981067
          • commentpython2-pytz is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981068
        • AND
          • commentpython2-pytest-mock is earlier than 0:1.9.0-4.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981069
          • commentpython2-pytest-mock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981070
        • AND
          • commentpython2-pytest is earlier than 0:3.4.2-13.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981071
          • commentpython2-pytest is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981072
        • AND
          • commentpython2-pysocks is earlier than 0:1.6.8-6.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981073
          • commentpython2-pysocks is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981074
        • AND
          • commentpython2-pygments is earlier than 0:2.2.0-20.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981075
          • commentpython2-pygments is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981076
        • AND
          • commentpython2-py is earlier than 0:1.5.3-6.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981077
          • commentpython2-py is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981078
        • AND
          • commentpython2-pluggy is earlier than 0:0.6.0-8.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981079
          • commentpython2-pluggy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981080
        • AND
          • commentpython2-pip is earlier than 0:9.0.3-13.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981081
          • commentpython2-pip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981082
        • AND
          • commentpython2-numpy-doc is earlier than 1:1.14.2-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981083
          • commentpython2-numpy-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981084
        • AND
          • commentpython2-nose is earlier than 0:1.3.7-30.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981085
          • commentpython2-nose is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981086
        • AND
          • commentpython2-mock is earlier than 0:2.0.0-13.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981087
          • commentpython2-mock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981088
        • AND
          • commentpython2-jinja2 is earlier than 0:2.10-8.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981089
          • commentpython2-jinja2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981090
        • AND
          • commentpython2-ipaddress is earlier than 0:1.0.18-6.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981091
          • commentpython2-ipaddress is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981092
        • AND
          • commentpython2-idna is earlier than 0:2.5-7.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981093
          • commentpython2-idna is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981094
        • AND
          • commentpython2-funcsigs is earlier than 0:1.0.2-13.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981095
          • commentpython2-funcsigs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981096
        • AND
          • commentpython2-docutils is earlier than 0:0.14-12.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981097
          • commentpython2-docutils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981098
        • AND
          • commentpython2-docs-info is earlier than 0:2.7.15-4.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981099
          • commentpython2-docs-info is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981100
        • AND
          • commentpython2-docs is earlier than 0:2.7.15-4.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981101
          • commentpython2-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981102
        • AND
          • commentpython2-dns is earlier than 0:1.15.0-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981103
          • commentpython2-dns is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981104
        • AND
          • commentpython2-chardet is earlier than 0:3.0.4-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981105
          • commentpython2-chardet is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981106
        • AND
          • commentpython2-backports-ssl_match_hostname is earlier than 0:3.5.0.1-11.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981107
          • commentpython2-backports-ssl_match_hostname is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981108
        • AND
          • commentpython2-babel is earlier than 0:2.5.1-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981109
          • commentpython2-babel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981110
        • AND
          • commentpython2-attrs is earlier than 0:17.4.0-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981111
          • commentpython2-attrs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981112
        • AND
          • commentpython2-PyMySQL is earlier than 0:0.8.0-10.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981113
          • commentpython2-PyMySQL is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981114
        • AND
          • commentpython-sqlalchemy-doc is earlier than 0:1.3.2-1.module+el8.0.0+2974+76d21d2e
            ovaloval:com.redhat.rhsa:tst:20190981115
          • commentpython-sqlalchemy-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981116
        • AND
          • commentpython-nose-docs is earlier than 0:1.3.7-30.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981117
          • commentpython-nose-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981118
        • AND
          • commentbabel is earlier than 0:2.5.1-9.module+el8.0.0+2961+596d0223
            ovaloval:com.redhat.rhsa:tst:20190981119
          • commentbabel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981120
    rhsa
    idRHSA-2019:0981
    released2019-05-07
    severityImportant
    titleRHSA-2019:0981: python27:2.7 security update (Important)
  • bugzilla
    id1688543
    titleCVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentpython3-libs is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997001
          • commentpython3-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997002
        • AND
          • commentplatform-python is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997003
          • commentplatform-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997004
        • AND
          • commentpython3-test is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997005
          • commentpython3-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997006
        • AND
          • commentpython3-debugsource is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997007
          • commentpython3-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997008
        • AND
          • commentplatform-python-devel is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997009
          • commentplatform-python-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997010
        • AND
          • commentplatform-python-debug is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997011
          • commentplatform-python-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997012
        • AND
          • commentpython3-idle is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997013
          • commentpython3-idle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997014
        • AND
          • commentpython3-tkinter is earlier than 0:3.6.8-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20190997015
          • commentpython3-tkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997016
    rhsa
    idRHSA-2019:0997
    released2019-05-07
    severityImportant
    titleRHSA-2019:0997: python3 security update (Important)
  • bugzilla
    id1688543
    titleCVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentpython-test is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467001
          • commentpython-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554006
        • AND
          • commentpython-tools is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467003
          • commentpython-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554008
        • AND
          • commenttkinter is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467005
          • commenttkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554004
        • AND
          • commentpython-devel is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467007
          • commentpython-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554010
        • AND
          • commentpython is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467009
          • commentpython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554012
        • AND
          • commentpython-libs is earlier than 0:2.6.6-68.el6_10
            ovaloval:com.redhat.rhsa:tst:20191467011
          • commentpython-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554014
    rhsa
    id: RHSA-2019:1467
    released: 2019-06-13
    severity: Important
    title: RHSA-2019:1467: python security update (Important)
  • rhsa
    id: RHBA-2019:0763
  • rhsa
    id: RHBA-2019:0764
  • rhsa
    id: RHBA-2019:0959
  • rhsa
    id: RHSA-2019:0765
  • rhsa
    id: RHSA-2019:0806
  • rhsa
    id: RHSA-2019:0902
  • rhsa
    id: RHSA-2019:2980
  • rhsa
    id: RHSA-2019:3170
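A worked example of evaluating the OVAL criteria listed above, added here and not part of the advisory page or of Red Hat's OVAL tooling. Each "X is earlier than E:V-R" criterion is an RPM epoch/version/release comparison and has to use rpmvercmp segment ordering rather than string ordering (a plain string compare would rank 68.el6_9 above 68.el6_10), and the paired "signed with Red Hat redhatrelease2 key" criterion means a locally rebuilt, unsigned python is never flagged by this definition even when its version is older than the fix. The host inventories are constructed sample data, and the top-level "Red Hat Enterprise Linux must be installed" criterion is modelled as a precondition (AND) of the RHEL 6 branch, which is an assumption about how the flattened tree above should be read.

```python
"""Evaluate the OVAL-style criteria of RHSA-2019:1467 (RHEL 6 python) against an
installed-package inventory. Added example, not the page's content nor Red Hat's
OVAL tooling. EVR ordering follows rpmvercmp: epoch first, then version and
release split into numeric / alphabetic / '~' segments. Inventories are constructed."""
import re

_SEG = re.compile(r"\d+|[A-Za-z]+|~")  # separators such as '.' and '_' are skipped


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 ordering two RPM version or release strings."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":  # '~' sorts before anything, even end of string
            if x == y:
                i += 1
                continue
            return -1 if x == "~" else 1
        if x is None or y is None:  # leftover segments make that side newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):  # numeric compare: el6_10 is newer than el6_9
                return -1 if int(x) < int(y) else 1
        elif x != y:
            return -1 if x < y else 1
        i += 1
    return 0


def parse_evr(evr: str):
    """'E:V-R' -> (epoch, version, release); a missing epoch is 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def evr_cmp(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Criterion wording as in the OVAL comments above.
_EARLIER = re.compile(r"^(\S+) is earlier than (\S+)$")
_SIGNED = re.compile(r"^(\S+) is signed with Red Hat \S+ key$")
_RELEASE = re.compile(r"^Red Hat Enterprise Linux (\d+) is installed$")


def eval_criterion(text: str, host: dict) -> bool:
    """host = {"rhel_major": int or None, "packages": {name: (EVR, signed_by_red_hat)}}"""
    if m := _EARLIER.match(text):
        pkg = host["packages"].get(m.group(1))
        return pkg is not None and evr_cmp(pkg[0], m.group(2)) < 0
    if m := _SIGNED.match(text):
        pkg = host["packages"].get(m.group(1))
        return pkg is not None and pkg[1]
    if m := _RELEASE.match(text):
        return host["rhel_major"] == int(m.group(1))
    if text == "Red Hat Enterprise Linux must be installed":
        return host["rhel_major"] is not None
    raise ValueError(f"unrecognised criterion: {text!r}")


def evaluate(node, host: dict) -> bool:
    """node is a criterion string or ("AND" | "OR", [child nodes])."""
    if isinstance(node, str):
        return eval_criterion(node, host)
    op, children = node
    results = [evaluate(c, host) for c in children]
    return all(results) if op == "AND" else any(results)


FIXED_EVR = "0:2.6.6-68.el6_10"
RHEL6_PKGS = ["python-test", "python-tools", "tkinter", "python-devel", "python", "python-libs"]
# "must be installed" modelled as a precondition (AND) of the RHEL 6 branch: an assumption.
RHSA_2019_1467 = ("AND", [
    "Red Hat Enterprise Linux must be installed",
    ("AND", ["Red Hat Enterprise Linux 6 is installed",
             ("OR", [("AND", [f"{p} is earlier than {FIXED_EVR}",
                              f"{p} is signed with Red Hat redhatrelease2 key"])
                     for p in RHEL6_PKGS])])])


def sample_hosts() -> dict:
    # Constructed inventories; "rebuilt" carries an unsigned local rebuild of an old version.
    return {
        "unpatched": {"rhel_major": 6, "packages": {"python": ("0:2.6.6-66.el6_10", True),
                                                    "python-libs": ("0:2.6.6-66.el6_10", True)}},
        "patched": {"rhel_major": 6, "packages": {"python": ("0:2.6.6-68.el6_10", True)}},
        "rebuilt": {"rhel_major": 6, "packages": {"python": ("0:2.6.6-66.el6_10", False)}},
        "rhel7": {"rhel_major": 7, "packages": {"python": ("0:2.7.5-76.el7_6", True)}},
    }


def affected(hosts: dict) -> list:
    return sorted(n for n, h in hosts.items() if evaluate(RHSA_2019_1467, h))
```

affected(sample_hosts()) returns only "unpatched". The "rebuilt" host is the case to keep in mind when reading scanner output: an unsigned rebuild of an older python is reported as not affected by this definition, so a version-only check is needed to catch it; the "rhel7" host falls outside the RHEL 6 branch and is covered by the separate el7 packages listed below.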
rpms
  • redhat-release-virtualization-host-0:4.2-8.4.el7
  • redhat-virtualization-host-image-update-0:4.2-20190411.1.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.4.el7
  • rhvm-appliance-2:4.2-20190411.1.el7
  • python-0:2.7.5-77.el7_6
  • python-debug-0:2.7.5-77.el7_6
  • python-debuginfo-0:2.7.5-77.el7_6
  • python-devel-0:2.7.5-77.el7_6
  • python-libs-0:2.7.5-77.el7_6
  • python-test-0:2.7.5-77.el7_6
  • python-tools-0:2.7.5-77.el7_6
  • tkinter-0:2.7.5-77.el7_6
  • rh-python36-python-0:3.6.3-4.el6
  • rh-python36-python-0:3.6.3-7.el7
  • rh-python36-python-debug-0:3.6.3-4.el6
  • rh-python36-python-debug-0:3.6.3-7.el7
  • rh-python36-python-debuginfo-0:3.6.3-4.el6
  • rh-python36-python-debuginfo-0:3.6.3-7.el7
  • rh-python36-python-devel-0:3.6.3-4.el6
  • rh-python36-python-devel-0:3.6.3-7.el7
  • rh-python36-python-libs-0:3.6.3-4.el6
  • rh-python36-python-libs-0:3.6.3-7.el7
  • rh-python36-python-test-0:3.6.3-4.el6
  • rh-python36-python-test-0:3.6.3-7.el7
  • rh-python36-python-tkinter-0:3.6.3-4.el6
  • rh-python36-python-tkinter-0:3.6.3-7.el7
  • rh-python36-python-tools-0:3.6.3-4.el6
  • rh-python36-python-tools-0:3.6.3-7.el7
  • python27-python-0:2.7.13-4.el6
  • python27-python-0:2.7.13-6.el7
  • python27-python-debug-0:2.7.13-4.el6
  • python27-python-debug-0:2.7.13-6.el7
  • python27-python-debuginfo-0:2.7.13-4.el6
  • python27-python-debuginfo-0:2.7.13-6.el7
  • python27-python-devel-0:2.7.13-4.el6
  • python27-python-devel-0:2.7.13-6.el7
  • python27-python-libs-0:2.7.13-4.el6
  • python27-python-libs-0:2.7.13-6.el7
  • python27-python-test-0:2.7.13-4.el6
  • python27-python-test-0:2.7.13-6.el7
  • python27-python-tools-0:2.7.13-4.el6
  • python27-python-tools-0:2.7.13-6.el7
  • python27-tkinter-0:2.7.13-4.el6
  • python27-tkinter-0:2.7.13-6.el7
  • rh-python35-python-0:3.5.1-12.el6
  • rh-python35-python-0:3.5.1-12.el7
  • rh-python35-python-debug-0:3.5.1-12.el6
  • rh-python35-python-debug-0:3.5.1-12.el7
  • rh-python35-python-debuginfo-0:3.5.1-12.el6
  • rh-python35-python-debuginfo-0:3.5.1-12.el7
  • rh-python35-python-devel-0:3.5.1-12.el6
  • rh-python35-python-devel-0:3.5.1-12.el7
  • rh-python35-python-libs-0:3.5.1-12.el6
  • rh-python35-python-libs-0:3.5.1-12.el7
  • rh-python35-python-test-0:3.5.1-12.el6
  • rh-python35-python-test-0:3.5.1-12.el7
  • rh-python35-python-tkinter-0:3.5.1-12.el6
  • rh-python35-python-tkinter-0:3.5.1-12.el7
  • rh-python35-python-tools-0:3.5.1-12.el6
  • rh-python35-python-tools-0:3.5.1-12.el7
  • babel-0:2.5.1-9.module+el8.0.0+2961+596d0223
  • python-nose-docs-0:1.3.7-30.module+el8.0.0+2961+596d0223
  • python-psycopg2-doc-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.0.0+2974+76d21d2e
  • python2-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-Cython-0:0.28.1-7.module+el8.0.0+2961+596d0223
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.0.0+2961+596d0223
  • python2-PyMySQL-0:0.8.0-10.module+el8.0.0+2961+596d0223
  • python2-attrs-0:17.4.0-10.module+el8.0.0+2961+596d0223
  • python2-babel-0:2.5.1-9.module+el8.0.0+2961+596d0223
  • python2-backports-0:1.0-15.module+el8.0.0+2961+596d0223
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.0.0+2961+596d0223
  • python2-bson-0:3.6.1-9.module+el8.0.0+2961+596d0223
  • python2-bson-debuginfo-0:3.6.1-9.module+el8.0.0+2961+596d0223
  • python2-chardet-0:3.0.4-10.module+el8.0.0+2961+596d0223
  • python2-coverage-0:4.5.1-4.module+el8.0.0+2961+596d0223
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.0.0+2961+596d0223
  • python2-debug-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-debuginfo-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-debugsource-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-devel-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-dns-0:1.15.0-9.module+el8.0.0+2961+596d0223
  • python2-docs-0:2.7.15-4.module+el8.0.0+2961+596d0223
  • python2-docs-info-0:2.7.15-4.module+el8.0.0+2961+596d0223
  • python2-docutils-0:0.14-12.module+el8.0.0+2961+596d0223
  • python2-funcsigs-0:1.0.2-13.module+el8.0.0+2961+596d0223
  • python2-idna-0:2.5-7.module+el8.0.0+2961+596d0223
  • python2-ipaddress-0:1.0.18-6.module+el8.0.0+2961+596d0223
  • python2-jinja2-0:2.10-8.module+el8.0.0+2961+596d0223
  • python2-libs-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-lxml-0:4.2.3-3.module+el8.0.0+2961+596d0223
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.0.0+2961+596d0223
  • python2-markupsafe-0:0.23-19.module+el8.0.0+2961+596d0223
  • python2-mock-0:2.0.0-13.module+el8.0.0+2961+596d0223
  • python2-nose-0:1.3.7-30.module+el8.0.0+2961+596d0223
  • python2-numpy-1:1.14.2-10.module+el8.0.0+2961+596d0223
  • python2-numpy-debuginfo-1:1.14.2-10.module+el8.0.0+2961+596d0223
  • python2-numpy-doc-1:1.14.2-10.module+el8.0.0+2961+596d0223
  • python2-numpy-f2py-1:1.14.2-10.module+el8.0.0+2961+596d0223
  • python2-pip-0:9.0.3-13.module+el8.0.0+2961+596d0223
  • python2-pluggy-0:0.6.0-8.module+el8.0.0+2961+596d0223
  • python2-psycopg2-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.0.0+2961+596d0223
  • python2-py-0:1.5.3-6.module+el8.0.0+2961+596d0223
  • python2-pygments-0:2.2.0-20.module+el8.0.0+2961+596d0223
  • python2-pymongo-0:3.6.1-9.module+el8.0.0+2961+596d0223
  • python2-pymongo-debuginfo-0:3.6.1-9.module+el8.0.0+2961+596d0223
  • python2-pymongo-gridfs-0:3.6.1-9.module+el8.0.0+2961+596d0223
  • python2-pysocks-0:1.6.8-6.module+el8.0.0+2961+596d0223
  • python2-pytest-0:3.4.2-13.module+el8.0.0+2961+596d0223
  • python2-pytest-mock-0:1.9.0-4.module+el8.0.0+2961+596d0223
  • python2-pytz-0:2017.2-12.module+el8.0.0+2961+596d0223
  • python2-pyyaml-0:3.12-16.module+el8.0.0+2961+596d0223
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.0.0+2961+596d0223
  • python2-requests-0:2.20.0-2.module+el8.0.0+2961+596d0223
  • python2-rpm-macros-0:3-38.module+el8.0.0+2961+596d0223
  • python2-scipy-0:1.0.0-19.module+el8.0.0+2961+596d0223
  • python2-scipy-debuginfo-0:1.0.0-19.module+el8.0.0+2961+596d0223
  • python2-setuptools-0:39.0.1-11.module+el8.0.0+2961+596d0223
  • python2-setuptools_scm-0:1.15.7-6.module+el8.0.0+2961+596d0223
  • python2-six-0:1.11.0-5.module+el8.0.0+2961+596d0223
  • python2-sqlalchemy-0:1.3.2-1.module+el8.0.0+2974+76d21d2e
  • python2-test-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-tkinter-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-tools-0:2.7.15-22.module+el8.0.0+2961+596d0223
  • python2-urllib3-0:1.23-7.module+el8.0.0+2961+596d0223
  • python2-virtualenv-0:15.1.0-18.module+el8.0.0+2961+596d0223
  • python2-wheel-1:0.30.0-13.module+el8.0.0+2961+596d0223
  • platform-python-0:3.6.8-2.el8_0
  • platform-python-debug-0:3.6.8-2.el8_0
  • platform-python-devel-0:3.6.8-2.el8_0
  • python3-debuginfo-0:3.6.8-2.el8_0
  • python3-debugsource-0:3.6.8-2.el8_0
  • python3-idle-0:3.6.8-2.el8_0
  • python3-libs-0:3.6.8-2.el8_0
  • python3-test-0:3.6.8-2.el8_0
  • python3-tkinter-0:3.6.8-2.el8_0
  • python-0:2.6.6-68.el6_10
  • python-debuginfo-0:2.6.6-68.el6_10
  • python-devel-0:2.6.6-68.el6_10
  • python-libs-0:2.6.6-68.el6_10
  • python-test-0:2.6.6-68.el6_10
  • python-tools-0:2.6.6-68.el6_10
  • tkinter-0:2.6.6-68.el6_10
  • python-0:2.7.5-70.el7_5
  • python-debug-0:2.7.5-70.el7_5
  • python-debuginfo-0:2.7.5-70.el7_5
  • python-devel-0:2.7.5-70.el7_5
  • python-libs-0:2.7.5-70.el7_5
  • python-test-0:2.7.5-70.el7_5
  • python-tools-0:2.7.5-70.el7_5
  • tkinter-0:2.7.5-70.el7_5
  • python-0:2.7.5-59.el7_4
  • python-debug-0:2.7.5-59.el7_4
  • python-debuginfo-0:2.7.5-59.el7_4
  • python-devel-0:2.7.5-59.el7_4
  • python-libs-0:2.7.5-59.el7_4
  • python-test-0:2.7.5-59.el7_4
  • python-tools-0:2.7.5-59.el7_4
  • tkinter-0:2.7.5-59.el7_4

References