Vulnerabilities > CVE-2019-9740 - CRLF Injection vulnerability in Python

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
python
CWE-93
nessus

Summary

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Vulnerable Configurations

Part Description Count
Application
Python
191

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Command Delimiters
    An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-B06EC6159B.NASL
    descriptionPython 3.5 has now entered
    last seen2020-06-01
    modified2020-06-02
    plugin id130793
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130793
    titleFedora 30 : python35 (2019-b06ec6159b)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1834.NASL
    descriptionMultiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python
    last seen2020-06-01
    modified2020-06-02
    plugin id126222
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126222
    titleDebian DLA-1834-1 : python2.7 security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_18ED9650A1D611E99B17FCAA147E860E.NASL
    descriptionPython changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit(). bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed. bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. bpo-35121: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id126534
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126534
    titleFreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-26.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-26 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly perform a CRLF injection attack, obtain sensitive information, trick Python into sending cookies to the wrong domain or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134603
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134603
    titleGLSA-202003-26 : Python: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3520.NASL
    descriptionAn update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130548
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130548
    titleRHEL 8 : python3 (RHSA-2019:3520)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-293-01.NASL
    descriptionNew python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130079
    published2019-10-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130079
    titleSlackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4127-1.NASL
    descriptionIt was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist meschanisms. (CVE-2019-9948). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128631
    published2019-09-10
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128631
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)
  • NASL familyCGI abuses
    NASL idANSIBLE_TOWER_3_5_1.NASL
    descriptionThe version of Ansible Tower running on the remote web server is 3.3.x prior to 3.3.6, 3.4.x prior to 3.4.4, or 3.5.x prior to 3.5.1. It is, therefore, affected by a CRLF injection vulnerability in the urllib2 library of python 2.x through 2.7.16 & python 3.x through 3.7.3.
    last seen2020-06-01
    modified2020-06-02
    plugin id127127
    published2019-08-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127127
    titleAnsible Tower 3.3.x < 3.3.6 / 3.4.x < 3.4.4 / 3.5.x < 3.5.1 CRLF Vulnerability
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0229_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. (CVE-2019-5010) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id132508
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132508
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2019-0229)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1275.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-03-26
    modified2020-03-20
    plugin id134741
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134741
    titleEulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2020-1275)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1324.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740) urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id131244
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131244
    titleAmazon Linux AMI : python34 (ALAS-2019-1324)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2030.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127651
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127651
    titleRHEL 7 : python (RHSA-2019:2030)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1346.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135247
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135247
    titleRHEL 7 : python (RHSA-2020:1346)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D202CDA4F8.NASL
    descriptionPython 3.5 has now entered
    last seen2020-06-01
    modified2020-06-02
    plugin id130797
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130797
    titleFedora 29 : python35 (2019-d202cda4f8)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1835.NASL
    descriptionThe update issued as DLA-1835-1 caused a regression in the http.client library in Python 3.4 which was broken by the patch intended to fix CVE-2019-9740 and CVE-2019-9947. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126223
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126223
    titleDebian DLA-1835-2 : python3.4 regression update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2133.NASL
    descriptionThis update for python-urllib3 fixes the following issues : Security issues fixed : - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128865
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128865
    titleopenSUSE Security Update : python-urllib3 (openSUSE-2019-2133)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1658.NASL
    descriptionAccording to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126285
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126285
    titleEulerOS 2.0 SP8 : python3 (EulerOS-SA-2019-1658)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2442.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-05-08
    modified2019-12-04
    plugin id131596
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131596
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-2442)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1657.NASL
    descriptionAccording to the version of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126284
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126284
    titleEulerOS 2.0 SP8 : python2 (EulerOS-SA-2019-1657)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-57462FA10D.NASL
    descriptionPython 3.5 has now entered
    last seen2020-06-01
    modified2020-06-02
    plugin id130784
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130784
    titleFedora 31 : python35 (2019-57462fa10d)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2030.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128333
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128333
    titleCentOS 7 : python (CESA-2019:2030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7DF59302E0.NASL
    descriptionUpdate Python 3.6 to [3.6.9](https://www.python.org/downloads/release/python-369/), the latest security release of the 3.6 branch. [Changelog for 3.6.9 final](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6- 9-final) and [3.6.9 release candidate 1](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-re lease-candidate-1). Includes security fixes for CVE-2019-9636, CVE-2019-9740, CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126659
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126659
    titleFedora 29 : python36 (2019-7df59302e0)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1242.NASL
    descriptionAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740 , CVE-2019-9947)
    last seen2020-06-01
    modified2020-06-02
    plugin id127070
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127070
    titleAmazon Linux AMI : python34 (ALAS-2019-1242)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-EC26883852.NASL
    descriptionSecurity fix for CVE-2019-9740 and CVE-2019-9947. Fix a regression introduced by the fix for CVE-2019-9636. Add manual page link for python3.7m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125434
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125434
    titleFedora 29 : python3 (2019-ec26883852)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PYTHON_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
    last seen2020-03-18
    modified2019-08-27
    plugin id128254
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128254
    titleScientific Linux Security Update : python on SL7.x x86_64 (20190806)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2239.NASL
    descriptionAccording to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.(CVE-2019-11236) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130701
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130701
    titleEulerOS 2.0 SP3 : python-urllib3 (EulerOS-SA-2019-2239)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2653.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-05-08
    modified2019-12-18
    plugin id132188
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132188
    titleEulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-1FFD6B6064.NASL
    descriptionSecurity fix for CVE-2019-9740 and CVE-2019-9947. Fix a regression introduced by the fix for CVE-2019-9636. Add manual page link for python3.7m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125229
    published2019-05-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125229
    titleFedora 30 : python3 (2019-1ffd6b6064)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0236_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126123
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126123
    titlePhoton OS 1.0: Python2 PHSA-2019-1.0-0236
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1532.NASL
    descriptionAccording to the versions of the python-pillow package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.(CVE-2016-4009) - An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)(CVE-2014-3589) - Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.(CVE-2014-3007) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2014-1933) - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.(CVE-2014-1932) - An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.(CVE-2019-16865) - libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.(CVE-2020-5313) - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.(CVE-2020-5312) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136235
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136235
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1247.NASL
    descriptionAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. (CVE-2019-9947 , CVE-2019-9740)
    last seen2020-06-01
    modified2020-06-02
    plugin id126959
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126959
    titleAmazon Linux 2 : python3 (ALAS-2019-1247)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1212.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-03-19
    modified2020-03-13
    plugin id134501
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134501
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1212)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1462.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1462 advisory. - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135459
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135459
    titleRHEL 7 : python (RHSA-2020:1462)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A449C604A43A11E9B422FCAA147E860E.NASL
    descriptionPython changelog : bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g.
    last seen2020-06-01
    modified2020-06-02
    plugin id126667
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126667
    titleFreeBSD : python 3.7 -- multiple vulnerabilities (a449c604-a43a-11e9-b422-fcaa147e860e)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1243.NASL
    descriptionAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740 , CVE-2019-9947) Python 2.7.x and 3.x are affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636)
    last seen2020-06-01
    modified2020-06-02
    plugin id127071
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127071
    titleAmazon Linux AMI : python35 (ALAS-2019-1243)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1230.NASL
    descriptionPython 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636). An issue was discovered in urllib2 in Python 2.x through 2.7.16. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740) An issue was discovered in urllib2 in Python 2.x through 2.7.16 . CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. (CVE-2019-9947)
    last seen2020-06-01
    modified2020-06-02
    plugin id126346
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126346
    titleAmazon Linux AMI : python27 (ALAS-2019-1230)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1204.NASL
    descriptionPython is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) An issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9740) An issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)
    last seen2020-06-01
    modified2020-06-02
    plugin id125604
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125604
    titleAmazon Linux AMI : python36 (ALAS-2019-1204)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7723D4774A.NASL
    descriptionUpdate Python 3.6 to [3.6.9](https://www.python.org/downloads/release/python-369/), the latest security release of the 3.6 branch. [Changelog for 3.6.9 final](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6- 9-final) and [3.6.9 release candidate 1](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-re lease-candidate-1). Includes security fixes for CVE-2019-9636, CVE-2019-9740, CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126658
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126658
    titleFedora 30 : python36 (2019-7723d4774a)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3335.NASL
    descriptionAn update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix(es) : * numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) * python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-23
    modified2019-11-06
    plugin id130527
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130527
    titleRHEL 8 : python27:2.7 (RHSA-2019:3335)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2131.NASL
    descriptionThis update for python-urllib3 fixes the following issues : Security issues fixed : - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128864
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128864
    titleopenSUSE Security Update : python-urllib3 (openSUSE-2019-2131)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0237_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126200
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126200
    titlePhoton OS 1.0: Python2 PHSA-2019-1.0-0237
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2225.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-05-08
    modified2019-11-08
    plugin id130687
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130687
    titleEulerOS 2.0 SP5 : python (EulerOS-SA-2019-2225)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1268.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135089
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135089
    titleRHEL 7 : python (RHSA-2020:1268)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0237_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126201
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126201
    titlePhoton OS 1.0: Python3 PHSA-2019-1.0-0237
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0187_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python
    last seen2020-06-01
    modified2020-06-02
    plugin id129884
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129884
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)

Redhat

advisories
  • rhsa
    idRHSA-2019:1260
  • rhsa
    idRHSA-2019:2030
  • rhsa
    idRHSA-2019:3335
  • rhsa
    idRHSA-2019:3520
  • rhsa
    idRHSA-2019:3725
rpms
  • python27-python-0:2.7.16-4.el6
  • python27-python-0:2.7.16-4.el7
  • python27-python-debug-0:2.7.16-4.el6
  • python27-python-debug-0:2.7.16-4.el7
  • python27-python-debuginfo-0:2.7.16-4.el6
  • python27-python-debuginfo-0:2.7.16-4.el7
  • python27-python-devel-0:2.7.16-4.el6
  • python27-python-devel-0:2.7.16-4.el7
  • python27-python-jinja2-0:2.6-12.el6
  • python27-python-jinja2-0:2.6-15.el7
  • python27-python-libs-0:2.7.16-4.el6
  • python27-python-libs-0:2.7.16-4.el7
  • python27-python-test-0:2.7.16-4.el6
  • python27-python-test-0:2.7.16-4.el7
  • python27-python-tools-0:2.7.16-4.el6
  • python27-python-tools-0:2.7.16-4.el7
  • python27-tkinter-0:2.7.16-4.el6
  • python27-tkinter-0:2.7.16-4.el7
  • python-0:2.7.5-86.el7
  • python-debug-0:2.7.5-86.el7
  • python-debuginfo-0:2.7.5-86.el7
  • python-devel-0:2.7.5-86.el7
  • python-libs-0:2.7.5-86.el7
  • python-test-0:2.7.5-86.el7
  • python-tools-0:2.7.5-86.el7
  • tkinter-0:2.7.5-86.el7
  • Cython-debugsource-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • PyYAML-debugsource-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • numpy-debugsource-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python-coverage-debugsource-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python-lxml-debugsource-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python-nose-docs-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debugsource-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-doc-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-pymongo-debugsource-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-Cython-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-PyMySQL-0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-attrs-0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • python2-backports-0:1.0-15.module+el8.1.0+3111+de3f2d8e
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
  • python2-bson-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-bson-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-chardet-0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-debug-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-debuginfo-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-debugsource-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-devel-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-dns-0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-docs-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docs-info-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docutils-0:0.14-12.module+el8.1.0+3111+de3f2d8e
  • python2-funcsigs-0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-idna-0:2.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-ipaddress-0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
  • python2-jinja2-0:2.10-8.module+el8.1.0+3111+de3f2d8e
  • python2-libs-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-lxml-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-markupsafe-0:0.23-19.module+el8.1.0+3111+de3f2d8e
  • python2-mock-0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
  • python2-nose-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python2-numpy-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-debuginfo-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-doc-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-f2py-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-pip-0:9.0.3-14.module+el8.1.0+3446+c3d52da3
  • python2-pip-wheel-0:9.0.3-14.module+el8.1.0+3446+c3d52da3
  • python2-pluggy-0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-py-0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
  • python2-pygments-0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
  • python2-pymongo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-gridfs-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pysocks-0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-mock-0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
  • python2-pytz-0:2017.2-12.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-requests-0:2.20.0-2.module+el8.1.0+3111+de3f2d8e
  • python2-rpm-macros-0:3-38.module+el8.1.0+3111+de3f2d8e
  • python2-scipy-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-scipy-debuginfo-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-setuptools-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools-wheel-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools_scm-0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
  • python2-six-0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
  • python2-sqlalchemy-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-test-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-tkinter-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-tools-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-urllib3-0:1.24.2-1.module+el8.1.0+3280+19512f10
  • python2-virtualenv-0:15.1.0-19.module+el8.1.0+3507+d69c168d
  • python2-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • python2-wheel-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • scipy-debugsource-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • platform-python-0:3.6.8-15.1.el8
  • platform-python-debug-0:3.6.8-15.1.el8
  • platform-python-devel-0:3.6.8-15.1.el8
  • python3-debuginfo-0:3.6.8-15.1.el8
  • python3-debugsource-0:3.6.8-15.1.el8
  • python3-idle-0:3.6.8-15.1.el8
  • python3-libs-0:3.6.8-15.1.el8
  • python3-test-0:3.6.8-15.1.el8
  • python3-tkinter-0:3.6.8-15.1.el8
  • rh-python36-python-0:3.6.9-2.el6
  • rh-python36-python-0:3.6.9-2.el7
  • rh-python36-python-debug-0:3.6.9-2.el6
  • rh-python36-python-debug-0:3.6.9-2.el7
  • rh-python36-python-debuginfo-0:3.6.9-2.el6
  • rh-python36-python-debuginfo-0:3.6.9-2.el7
  • rh-python36-python-devel-0:3.6.9-2.el6
  • rh-python36-python-devel-0:3.6.9-2.el7
  • rh-python36-python-libs-0:3.6.9-2.el6
  • rh-python36-python-libs-0:3.6.9-2.el7
  • rh-python36-python-test-0:3.6.9-2.el6
  • rh-python36-python-test-0:3.6.9-2.el7
  • rh-python36-python-tkinter-0:3.6.9-2.el6
  • rh-python36-python-tkinter-0:3.6.9-2.el7
  • rh-python36-python-tools-0:3.6.9-2.el6
  • rh-python36-python-tools-0:3.6.9-2.el7
  • python-0:2.7.5-74.el7_5
  • python-debug-0:2.7.5-74.el7_5
  • python-debuginfo-0:2.7.5-74.el7_5
  • python-devel-0:2.7.5-74.el7_5
  • python-libs-0:2.7.5-74.el7_5
  • python-test-0:2.7.5-74.el7_5
  • python-tools-0:2.7.5-74.el7_5
  • tkinter-0:2.7.5-74.el7_5
  • python-0:2.7.5-63.el7_4
  • python-debug-0:2.7.5-63.el7_4
  • python-debuginfo-0:2.7.5-63.el7_4
  • python-devel-0:2.7.5-63.el7_4
  • python-libs-0:2.7.5-63.el7_4
  • python-test-0:2.7.5-63.el7_4
  • python-tools-0:2.7.5-63.el7_4
  • tkinter-0:2.7.5-63.el7_4
  • python-0:2.7.5-83.el7_6
  • python-debug-0:2.7.5-83.el7_6
  • python-debuginfo-0:2.7.5-83.el7_6
  • python-devel-0:2.7.5-83.el7_6
  • python-libs-0:2.7.5-83.el7_6
  • python-test-0:2.7.5-83.el7_6
  • python-tools-0:2.7.5-83.el7_6
  • tkinter-0:2.7.5-83.el7_6

References