Advisories ยป MGASA-2022-0367

Updated python packages fix security vulnerability

Publication date: 13 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2015-20107 , CVE-2021-4189 , CVE-2022-0391


The mailcap module does not add escape characters into commands discovered
in the system mailcap file. (CVE-2015-20107)
Allows an attacker to set up a malicious FTP server that can trick FTP
clients into connecting back to a given IP address and port.
The urlparse method does not sanitize input and allows characters like
'\r' and '\n' in the URL path. This flaw allows an attacker to input a
crafted URL, leading to injection attacks.  (CVE-2022-0391)