Advisories ยป MGASA-2019-0148

Updated python packages fix security vulnerability

Publication date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9636


A vulnerability was found in Python 2.x through 2.7.16. An improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization could lead to an Information Disclosure (credentials,
cookies, etc. that are cached against a given hostname) in the
urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than
when parsed correctly (CVE-2019-9636).