ALT-BU-2021-3735-1
Branch c9f1 update bulletin.
Closed vulnerabilities
BDU:2021-00726
Vulnerability in the _proc_pax function (Lib/tarfile.py) of the Python programming language interpreter that allows an attacker to cause a denial of service
BDU:2021-03738
Vulnerability in the HTTP request method of the Python programming language, related to insufficient encoding or escaping of output data, that allows an attacker to gain access to confidential data and compromise its integrity
Modified: 2024-11-21
CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
- openSUSE-SU-2020:1254
- openSUSE-SU-2020:1257
- openSUSE-SU-2020:1258
- openSUSE-SU-2020:1265
- https://bugs.python.org/issue39017
- https://github.com/python/cpython/pull/21454
- [debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update
- [debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- FEDORA-2020-c539babb0a
- FEDORA-2020-e9251de272
- FEDORA-2020-efb908b6a8
- FEDORA-2020-982b2950db
- FEDORA-2020-bb919e575e
- FEDORA-2020-87c0a0a52d
- FEDORA-2020-d30881c970
- FEDORA-2020-826b24c329
- FEDORA-2020-97d775e649
- FEDORA-2020-c3b07cc5c9
- FEDORA-2020-d808fdd597
- FEDORA-2020-dfb11916cc
- FEDORA-2020-1ddd5273d6
- FEDORA-2020-aab24d3714
- GLSA-202008-01
- https://security.netapp.com/advisory/ntap-20200731-0002/
- USN-4428-1
- https://www.oracle.com/security-alerts/cpujan2021.html
Modified: 2024-11-21
CVE-2020-26116
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
- openSUSE-SU-2020:1859
- https://bugs.python.org/issue39603
- [debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update
- [debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update
- FEDORA-2020-221823ebdd
- FEDORA-2020-e33acdea18
- FEDORA-2020-887d3fa26f
- FEDORA-2020-d30881c970
- FEDORA-2020-d42cb01973
- https://python-security.readthedocs.io/vuln/http-header-injection-method.html
- GLSA-202101-18
- https://security.netapp.com/advisory/ntap-20201023-0001/
- USN-4581-1
- https://www.oracle.com/security-alerts/cpuoct2021.html