Download
| Alert*
oval:org.secpod.oval:def:108713
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1800240 python is installed oval:org.secpod.oval:def:61193 The host is installed with Python 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 and is prone to an unsafe dll loading vulnerability. A flaw is present in the application, which fails to properly handle verification of api-ms-win-core-path-l1-1-0.dll that can be loaded and used instead ... oval:org.secpod.oval:def:204680 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:203110 python is installed oval:org.secpod.oval:def:61460 The host is installed with Python through 3.7.2 and is prone to an uncontrolled resource consumption vulnerability. The flaw is present in the application, which fails to properly handle Lib/zipfile.py. Successful exploitation allows remote attackers to cause a denial-of-service. oval:org.secpod.oval:def:107111 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:61194 The host is installed with Python 2.7 through 2.7.17, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 and is prone to an unsafe dll loading vulnerability. A flaw is present in the application, which fails to properly handle verification of api-ms-win-core-path-l1-1-0.dll that can be loa ... oval:org.secpod.oval:def:3301071 SUSE Security Update: Security update for python oval:org.secpod.oval:def:89050352 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . oval:org.secpod.oval:def:89050327 This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised . - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . oval:org.secpod.oval:def:89050303 This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs . oval:org.secpod.oval:def:89050310 This update for python fixes the following issues: - bsc#1177211 no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. oval:org.secpod.oval:def:89047139 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator . oval:org.secpod.oval:def:89047164 This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading after a http 100. - CVE-2021-3733: Fixed ReDoS in urllib.request oval:org.secpod.oval:def:89047440 This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse . - CVE-2021-4189: Fixed ftplib not to trust the PASV response . - CVE-2021-3572: Fixed an improper handling of unicode characters in pip . oval:org.secpod.oval:def:1502003 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502097 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:705439 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:89000075 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs . - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed t ... oval:org.secpod.oval:def:1504728 [2.7.5-90.0.3] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] oval:org.secpod.oval:def:1701914 An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities oval:org.secpod.oval:def:89050212 This update for python fixes the following issues: * CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. * CVE-2022-48565: Fixed an XXE in the plistlib module oval:org.secpod.oval:def:97606 [CLSA-2022:1646665957] Fixed CVE-2022-0391 in python oval:org.secpod.oval:def:97611 [CLSA-2022:1647958513] Fixed CVE-2021-3737 in python oval:org.secpod.oval:def:97661 [CLSA-2022:1658347112] Fixed CVE-2015-20170 in python oval:org.secpod.oval:def:97753 [CLSA-2023:1696878189] python: Fix of CVE-2022-48565 oval:org.secpod.oval:def:97761 [CLSA-2023:1698101603] python: Fix of CVE-2022-48560 oval:org.secpod.oval:def:1702011 An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest oval:org.secpod.oval:def:89047233 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url oval:org.secpod.oval:def:89047213 This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution . - Provide the newest setuptools wheel in their correct form . oval:org.secpod.oval:def:500037 Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the curr ... oval:org.secpod.oval:def:89048201 This update for python fixes the following issues: - CVE-2022-45061: Fixed an excessive CPU usage when decoding crafted IDNA domain names . Non-security fixes: - Fixed the 2038 bug in the compileall module . oval:org.secpod.oval:def:89047542 This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // . oval:org.secpod.oval:def:1506610 [2.7.5-93.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-93] - Fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:89046723 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . oval:org.secpod.oval:def:89046724 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . oval:org.secpod.oval:def:89047499 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . oval:org.secpod.oval:def:3300529 SUSE Security Update: Security update for python oval:org.secpod.oval:def:3300925 SUSE Security Update: Security update for python oval:org.secpod.oval:def:97737 [CLSA-2023:1689886440] python: Fix of CVE-2023-24329 oval:org.secpod.oval:def:507787 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:507786 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:89049101 This update for python fixes the following issues: * CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters . oval:org.secpod.oval:def:97717 [CLSA-2023:1678136944] python: Fix of CVE-2023-24329 oval:org.secpod.oval:def:1701208 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ... oval:org.secpod.oval:def:89048548 This update for python fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names . The following non-security bug was fixed: * ... oval:org.secpod.oval:def:97690 [CLSA-2022:1669236630] python: Fix of CVE-2022-45061 oval:org.secpod.oval:def:89002453 This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution . - CVE-2018-1000030: Fixed crash inside the Python inte ... oval:org.secpod.oval:def:89050772 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a "file:" blacklist bypass in URIs by using the "local-file:" scheme instead . - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization ... oval:org.secpod.oval:def:89050531 This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser oval:org.secpod.oval:def:89002459 This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE- ... oval:org.secpod.oval:def:97532 [CLSA-2021:1616001357] Fixed CVE-2019-10160 in python oval:org.secpod.oval:def:89002336 This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib . - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop method in pop3lib . - CVE-2016 ... oval:org.secpod.oval:def:500551 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:500277 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:205547 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provid ... oval:org.secpod.oval:def:1700212 urllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call oval:org.secpod.oval:def:1501098 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1501653 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ... oval:org.secpod.oval:def:1500324 Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a d ... oval:org.secpod.oval:def:108753 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1700280 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers o ... oval:org.secpod.oval:def:20982 The host is installed with Python 2.5 before 2.7.7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow attackers to execute arbitrary code via a crafted string. oval:org.secpod.oval:def:111241 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:503270 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:503394 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:501891 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ... oval:org.secpod.oval:def:203990 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:201575 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:110863 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89050552 This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . oval:org.secpod.oval:def:110625 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:110865 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:113695 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:501140 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ... oval:org.secpod.oval:def:1502484 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502638 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1501555 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:203989 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:202139 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:1501556 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:1800648 CPython up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow oval:org.secpod.oval:def:89003079 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:110850 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89002025 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input . - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib . - C ... oval:org.secpod.oval:def:89003470 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a "file:" blacklist bypass in URIs by using the "local-file:" scheme instead . - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization ... oval:org.secpod.oval:def:202361 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:89049715 This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input oval:org.secpod.oval:def:503576 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provid ... oval:org.secpod.oval:def:1800750 CVE-2016-0772: smtplib StartTLS stripping attack. CVE-2016-5636: Heap overflow in zipimporter module . CVE-2016-5699: HTTP header injection in urrlib2/urllib/ oval:org.secpod.oval:def:501714 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:1502537 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800239 CVE-2016-0772: smtplib StartTLS stripping attack. CVE-2016-5636: Heap overflow in zipimporter module . CVE-2016-5699: HTTP header injection in urrlib2/urllib/ oval:org.secpod.oval:def:205518 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:89003067 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module . - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py . oval:org.secpod.oval:def:89003221 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a "file:" blacklist bypass in URIs by using the "local-file:" scheme instead . - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization ... oval:org.secpod.oval:def:89002491 This update for python fixes the following issue: - CVE-2018-14647: Python"s elementtree C accelerator failed to initialise Expat"s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathologica ... oval:org.secpod.oval:def:89003064 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser . - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat . Non-security issue fixed: - Fixed a bug where PyWeakReference struc ... oval:org.secpod.oval:def:205342 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:204253 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:500074 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:202194 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:205184 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:21805 The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ... oval:org.secpod.oval:def:1502265 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503625 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:107190 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:202359 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:89050722 This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:107863 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:111202 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89050320 This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions . oval:org.secpod.oval:def:107746 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:59590 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:204246 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:205614 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:501611 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:105846 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89003172 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module . - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py . oval:org.secpod.oval:def:89045130 This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack - CVE-2016-5699: incorrect validation of HTTP headers allow header injection - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_ ... oval:org.secpod.oval:def:89003321 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:107897 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:110781 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89002512 This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE- ... oval:org.secpod.oval:def:204111 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ... oval:org.secpod.oval:def:89050906 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. - CVE-2019-16056: Fixed a parser issue in the email module. - CVE-2019-16 ... oval:org.secpod.oval:def:501864 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:500813 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:500814 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:205725 Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 oval:org.secpod.oval:def:106394 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:110773 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:89002340 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input . - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib . - C ... oval:org.secpod.oval:def:97568 [CLSA-2021:1633442879] Fixed CVEs in python: CVE-2020-8492, CVE-2020-27619, CVE-2018-20852, CVE-2020-26116 oval:org.secpod.oval:def:107928 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:201594 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:503136 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1501247 The remote host is missing a patch containing a security fix, which affects the following package(s): python oval:org.secpod.oval:def:3301814 Security update for python oval:org.secpod.oval:def:97782 [CLSA-2024:1705079922] python: Fix of CVE-2023-40217 oval:org.secpod.oval:def:89049420 This update for python fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets . oval:org.secpod.oval:def:89049812 This update for python fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets . oval:org.secpod.oval:def:1507147 [2.7.5-94.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-94] - Security fix for CVE-2023-40217 Resolves: RHEL-9615 oval:org.secpod.oval:def:3302040 Security update for python oval:org.secpod.oval:def:89051448 This update for python fixes the following issues: * CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character . |