MGASA-2020-0451
Vulnerability Summary
Timeline
Description
Updated python and python3 packages fix security vulnerabilities It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-9674). It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information (CVE-2019-17514). It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service (CVE-2019-20907). It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service (CVE-2020-8492). It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service (CVE-2020-14422). It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection (CVE-2020-26116). The CVE-2020-14422 issue only affected python3.
Affected Systems
- mageia•python
< 2.7.18-1.1.mga7
- mageia•python3
< 3.7.9-1.mga7
References (9)
- https://advisories.mageia.org/MGASA-2020-0451.html
- https://bugs.mageia.org/show_bug.cgi?id=26268
- https://ubuntu.com/security/notices/USN-4428-1
- https://ubuntu.com/security/notices/USN-4333-1
- https://ubuntu.com/security/notices/USN-4581-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/
- https://access.redhat.com/errata/RHSA-2020:4273
- https://access.redhat.com/errata/RHSA-2020:4299
- https://access.redhat.com/errata/RHSA-2020:4433