Download
| Alert*
oval:org.secpod.oval:def:504682
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:61194 The host is installed with Python 2.7 through 2.7.17, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 and is prone to an unsafe dll loading vulnerability. A flaw is present in the application, which fails to properly handle verification of api-ms-win-core-path-l1-1-0.dll that can be loa ... oval:org.secpod.oval:def:70205 python3.8: Interactive high-level object-oriented language Details: USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Linux Mint 20.x LTS. Original advisory Several security issues were fixed in Python. oval:org.secpod.oval:def:70193 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:89043697 This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP . oval:org.secpod.oval:def:89050288 This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . Non-security issue fixed: - If the locale ... oval:org.secpod.oval:def:89050352 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . oval:org.secpod.oval:def:1601177 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking oval:org.secpod.oval:def:1601175 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking oval:org.secpod.oval:def:118402 Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:118281 Python 3.8 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, update your Fedora to a newer version once Python 3.8 is stable. oval:org.secpod.oval:def:1801787 Python 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. oval:org.secpod.oval:def:118267 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:2106089 Oracle Solaris 11 - ( CVE-2020-8492 ) oval:org.secpod.oval:def:68018 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:89000075 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed t ... oval:org.secpod.oval:def:1700378 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking oval:org.secpod.oval:def:89000307 This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised . - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expre ... oval:org.secpod.oval:def:706254 python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Python could be made to crash if it receives specially crafted input from a malicious server. oval:org.secpod.oval:def:89000663 This update for python36 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . Non-security issue fixed: - If the locale ... oval:org.secpod.oval:def:77044 python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Python could be made to crash if it receives specially crafted input from a malicious server. oval:org.secpod.oval:def:1701657 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking oval:org.secpod.oval:def:2003944 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. oval:org.secpod.oval:def:2500115 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:705439 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:705460 python3.8: Interactive high-level object-oriented language Details: USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory Several security issues were fixed in Python. oval:org.secpod.oval:def:1505328 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705928 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu ... oval:org.secpod.oval:def:70554 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Linux ... oval:org.secpod.oval:def:89000446 This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen - CVE-2019-20916: Fixed a directory traversal in _download_http_url . - CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on content retrieve ... oval:org.secpod.oval:def:89048004 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. The following non-security bug was fixed: - Fixed a crash in the garbage co ... oval:org.secpod.oval:def:3300960 SUSE Security Update: Security update for python3 oval:org.secpod.oval:def:89047169 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:67954 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:504961 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:205644 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1504344 [3.6.8-17.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-17] - Overhaul pythons FIPS mode support Resolves: rhbz#1788459 [3.6.8-16] - Security fix for CVE-2020-8492 Resolves: rhbz#1810616 [3.6.8-15] - Security fix for CVE-2019-16935 Resolves: rhbz#1797999 [3.6.8-14] - ... oval:org.secpod.oval:def:504779 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1504149 [3.6.8-31.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-31] - Avoid infinite loop when reading specially crafted TAR files Resolves: rhbz#1856481 - Resolve hash collisions for Pv4Interface and IPv6Interface Resolves: rhbz#1854926 [3.6.8-30] - Remove downstream 00178 ... oval:org.secpod.oval:def:89000166 This update for python36 fixes the following issues: Update to 3.6.12, including the following fixes: - Fixed a directory traversal in _download_http_url - Fixed CRLF injection via HTTP request method in httplib/http.client - Fixed possible infinite loop in specifically crafted tarball - Fixed a ... oval:org.secpod.oval:def:97568 [CLSA-2021:1633442879] Fixed CVEs in python: CVE-2020-8492, CVE-2020-27619, CVE-2018-20852, CVE-2020-26116 oval:org.secpod.oval:def:89000524 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:504346 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:2500149 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:1700340 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname ... |