Updated python and python3 packages fix security vulnerabilities
Publication date: 08 Dec 2020
Modification date: 08 Dec 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-9674, CVE-2019-17514, CVE-2019-20907, CVE-2020-8492, CVE-2020-14422, CVE-2020-26116
Description
- It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-9674).
- It was discovered that the Python documentation contained misleading information. Wrong assumptions based on this information could possibly cause a security issue (CVE-2019-17514).
- It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service (CVE-2019-20907).
- It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service (CVE-2020-8492).
- It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service (CVE-2020-14422).
- It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection (CVE-2020-26116).
The CVE-2020-14422 issue only affected python3.
References
- https://bugs.mageia.org/show_bug.cgi?id=26268
- https://ubuntu.com/security/notices/USN-4428-1
- https://ubuntu.com/security/notices/USN-4333-1
- https://ubuntu.com/security/notices/USN-4581-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/
- https://access.redhat.com/errata/RHSA-2020:4273
- https://access.redhat.com/errata/RHSA-2020:4299
- https://access.redhat.com/errata/RHSA-2020:4433
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20907
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8492
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116
SRPMS
7/core
- python-2.7.18-1.1.mga7
- python3-3.7.9-1.mga7