Updated python packages fix security vulnerability
Publication date: 13 Oct 2022Modification date: 13 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2015-20107 , CVE-2021-4189 , CVE-2022-0391
Description
The mailcap module does not add escape characters into commands discovered
in the system mailcap file. (CVE-2015-20107)
Allows an attacker to set up a malicious FTP server that can trick FTP
clients into connecting back to a given IP address and port.
(CVE-2021-4189)
The urlparse method does not sanitize input and allows characters like
'\r' and '\n' in the URL path. This flaw allows an attacker to input a
crafted URL, leading to injection attacks. (CVE-2022-0391)
References
- https://bugs.mageia.org/show_bug.cgi?id=30572
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/
- https://ubuntu.com/security/notices/USN-5519-1
- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOHEWJI4EPENRFNUSCXL2KZG7QSBH2MJ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
SRPMS
8/core
- python-2.7.18-7.5.mga8