ArchLinux: 201911-4: python2: information disclosure

    Date: 04 Nov 2019
    Posted By: LinuxSecurity Advisories
    The package python2 before version 2.7.17-1 is vulnerable to information disclosure.
    Arch Linux Security Advisory ASA-201911-4
    Severity: High
    Date    : 2019-11-03
    CVE-ID  : CVE-2019-9636
    Package : python2
    Type    : information disclosure
    Remote  : Yes
    Link    :
    The package python2 before version 2.7.17-1 is vulnerable to
    information disclosure.
    Upgrade to 2.7.17-1.
    # pacman -Syu "python2>=2.7.17-1"
    The problem has been fixed upstream in version 2.7.17.
    Python 2.7.x through 2.7.16 and 3.x through 3.7.2 are affected by
    improper handling of Unicode encoding (with an incorrect netloc) during
    NFKC normalization. A specially crafted URL could be incorrectly parsed
    by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or
    authentication data and send that information to a different host than
    when parsed correctly.
    A remote attacker is able to craft a malicious URL and transfer private
    data to a different host than expected.
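For code that must accept URLs before every interpreter is upgraded, the following added example (not part of the advisory and not CPython's own code) rejects a URL whose netloc gains a URL delimiter under NFKC normalization. It is written for Python 3; the function names and the sample URLs are constructed for illustration.

```python
import unicodedata

# Characters that separate URL components. If NFKC normalization creates
# one of these inside the netloc, the host boundary moves.
URL_DELIMS = "/?#@:"


def raw_netloc(url):
    """Return the authority part of url, split by hand on '//' and / ? #."""
    start = url.find("//")
    if start < 0:
        return ""
    rest = url[start + 2:]
    cuts = [i for i in (rest.find(c) for c in "/?#") if i >= 0]
    return rest[:min(cuts)] if cuts else rest


def netloc_survives_nfkc(url):
    """False if NFKC normalization would add a URL delimiter to the netloc."""
    netloc = raw_netloc(url)
    if all(ord(ch) < 128 for ch in netloc):
        return True  # pure ASCII text is unchanged by NFKC
    # Drop delimiters already present so only newly created ones are flagged.
    stripped = "".join(ch for ch in netloc if ch not in URL_DELIMS)
    normalized = unicodedata.normalize("NFKC", stripped)
    return not any(d in normalized for d in URL_DELIMS)


# Constructed sample URLs (reserved example domains only).
SAMPLES = [
    "https://user:pw@example.com:8443/path",   # ASCII netloc: accepted
    "https://b\u00fccher.example/index",       # ordinary IDN label: accepted
    "https://example.net\uff03.example.com/",  # U+FF03 normalizes to '#'
    "https://example.net\u2100.example.com/",  # U+2100 normalizes to 'a/c'
]


def audit(urls):
    """Pair each URL with the verdict of netloc_survives_nfkc."""
    return [(u, netloc_survives_nfkc(u)) for u in urls]


if __name__ == "__main__":
    for url, ok in audit(SAMPLES):
        print("ok    " if ok else "REJECT", ascii(url))
```

Run the check on the URL as received, before it reaches any code that performs IDNA encoding or derives a host for cookies or credentials.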