Advisories » MGASA-2017-0031

Updated python-bottle packages fix security vulnerability

Publication date: 29 Jan 2017
Modification date: 29 Jan 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9964

Description

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n"
sequence, which leads to a CRLF attack, as demonstrated by a
redirect("233\r\nSet-Cookie: name=salt") call. (CVE-2016-9964)
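
The effect of the unfiltered "\r\n" can be reproduced with a simplified model of a redirect response. This is an added example, not bottle's code or the packaged fix; all function names are hypothetical, and rejecting control characters is one assumed mitigation.

```python
# Added illustration: a simplified model of response serialization,
# not bottle's implementation. All function names are hypothetical.

def serialize_response(status, headers):
    """Join the status line and headers the way a server writes them to the wire."""
    lines = ["HTTP/1.1 %s" % status]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def header_names(raw_response):
    """Return the header names a client would parse out of the response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]


def unsafe_redirect(url):
    """Models the flaw: the redirect target is copied into Location unchecked."""
    return serialize_response("303 See Other", [("Location", url)])


def check_header_value(value):
    """Refuse any header value containing CR, LF or NUL."""
    if any(ch in value for ch in "\r\n\0"):
        raise ValueError("control character in header value: %r" % value)
    return value


def safe_redirect(url):
    """Same redirect, but the target is validated before serialization."""
    return serialize_response(
        "303 See Other", [("Location", check_header_value(url))]
    )


# The argument quoted in the advisory text.
ADVISORY_ARGUMENT = "233\r\nSet-Cookie: name=salt"

if __name__ == "__main__":
    # Unchecked: the client sees a second header the application never set.
    print(header_names(unsafe_redirect(ADVISORY_ARGUMENT)))
    try:
        safe_redirect(ADVISORY_ARGUMENT)
    except ValueError as exc:
        print("rejected:", exc)
```

Any redirect target derived from request data should pass a check of this kind before it reaches a header, whether or not the framework version in use also filters it.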
                

References

SRPMS

5/core