Mageia Advisory: MGASA-2019-0148 - Updated python packages fix security vulnerability

Updated python packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9636

Description

A vulnerability was found in Python 2.x through 2.7.16. An improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization could lead to an Information Disclosure (credentials,
cookies, etc. that are cached against a given hostname) in the
urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than
when parsed correctly (CVE-2019-9636).

References

https://bugs.mageia.org/show_bug.cgi?id=24640
https://access.redhat.com/errata/RHSA-2019:0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636

SRPMS

6/core

python-2.7.15-1.3.mga6

Advisories » MGASA-2019-0148

Updated python packages fix security vulnerability

Description

References

SRPMS

6/core