Updated python and python3 packages fix security vulnerabilities
Publication date: 08 Dec 2020
Modification date: 08 Dec 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-9674, CVE-2019-17514, CVE-2019-20907, CVE-2020-8492, CVE-2020-14422, CVE-2020-26116
Description
It was discovered that Python incorrectly handled certain ZIP files. An attacker
could possibly use this issue to cause a denial of service (CVE-2019-9674).
It was discovered that the Python documentation contained misleading information.
A security issue could possibly be caused by wrong assumptions based on this
information (CVE-2019-17514).
It was discovered that Python incorrectly handled certain TAR archives. An
attacker could possibly use this issue to cause a denial of service
(CVE-2019-20907).
It was discovered that Python incorrectly handled certain HTTP requests. An
attacker could possibly use this issue to cause a denial of service
(CVE-2020-8492).
It was discovered that Python incorrectly handled certain IP values. An
attacker could possibly use this issue to cause a denial of service
(CVE-2020-14422).
It was discovered that Python incorrectly handled certain character sequences.
A remote attacker could possibly use this issue to perform CRLF injection
(CVE-2020-26116).
The CVE-2020-14422 issue only affected python3.
References
- https://bugs.mageia.org/show_bug.cgi?id=26268
- https://ubuntu.com/security/notices/USN-4428-1
- https://ubuntu.com/security/notices/USN-4333-1
- https://ubuntu.com/security/notices/USN-4581-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/
- https://access.redhat.com/errata/RHSA-2020:4273
- https://access.redhat.com/errata/RHSA-2020:4299
- https://access.redhat.com/errata/RHSA-2020:4433
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20907
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8492
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116
SRPMS
7/core
- python-2.7.18-1.1.mga7
- python3-3.7.9-1.mga7
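
To check a host against the fixed versions listed above, the following added example (not part of the original advisory or of Mageia's tooling) compares installed version-release pairs with those of the SRPMS entries. It assumes the binary packages are named python and python3 like the source packages, ignores epochs, and uses a simplified form of rpm's segment comparison; the sample input is constructed.

```python
import re

# Fixed (version, release) pairs taken from the SRPMS list of this advisory.
FIXED = {"python": ("2.7.18", "1.1.mga7"), "python3": ("3.7.9", "1.mga7")}

def _segments(s):
    # Split into runs of digits or letters; separators are ignored, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm comparison (no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(name, version, release):
    """True if the installed version-release is at least the advisory's fixed one."""
    fixed_ver, fixed_rel = FIXED[name]
    c = rpmvercmp(version, fixed_ver)
    return c > 0 or (c == 0 and rpmvercmp(release, fixed_rel) >= 0)

def audit(rpm_output):
    # Expects one "NAME VERSION RELEASE" line per package, e.g. from:
    #   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' python python3
    result = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in FIXED:
            result[parts[0]] = is_patched(*parts)
    return result

# Constructed sample output (not from a real host): python is one release behind.
SAMPLE = "python 2.7.18 1.mga7\npython3 3.7.9 1.mga7\n"

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(pkg, "patched" if ok else "needs update")
```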