Multiple vulnerabilities were discovered in Python2.7, an interactive
high-level object-oriented language.
CVE-2018-20852
By using a malicious server an attacker might steal cookies that are
meant for other domains.
CVE-2019-5010
NULL pointer dereference using a specially crafted X509 certificate.
CVE-2019-9636
Improper Handling of Unicode Encoding (with an incorrect netloc)
during NFKC normalization resulting in information disclosure
(credentials, cookies, etc. that are cached against a given
hostname). A specially crafted URL could be incorrectly parsed to
locate cookies or authentication data and send that information to
a different host than when parsed correctly.
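A defensive check for the CVE-2019-9636 mis-parse, as an added example (not code from this advisory or from CPython): it flags any non-ASCII character in a URL's netloc whose NFKC form contains a URL delimiter, so the URL can be rejected before cookies or credentials are looked up for it. The helper names and the sample URLs are constructed for illustration.

```python
import unicodedata

DELIMS = "/?#@:"  # characters that separate URL components


def authority(url):
    """Return the raw netloc of a URL without normalizing it (hypothetical helper)."""
    _, sep, rest = url.partition("//")
    if not sep:
        return ""
    end = len(rest)
    for d in "/?#":
        i = rest.find(d)
        if i != -1:
            end = min(end, i)
    return rest[:end]


def nfkc_delimiter_chars(netloc):
    """List (codepoint, NFKC expansion) for each non-ASCII character in
    netloc whose NFKC form contains a URL delimiter. Checking character by
    character is conservative: it may flag more than strictly necessary."""
    found = []
    for ch in netloc:
        if ord(ch) < 128:
            continue  # delimiters already present are parsed normally
        expanded = unicodedata.normalize("NFKC", ch)
        if any(d in expanded for d in DELIMS):
            found.append(("U+%04X" % ord(ch), expanded))
    return found


def is_safe_netloc(url):
    """True when NFKC normalization cannot add delimiters to the netloc."""
    return not nfkc_delimiter_chars(authority(url))


# Constructed sample URLs; all hostnames are placeholders.
SAMPLES = [
    "https://user:pw@example.test:8443/",           # ASCII only
    "https://b\u00fccher.example.test/",            # non-ASCII but harmless
    "https://example.test\uff03@other.example.test/",  # fullwidth number sign
    "https://example.test\u2100.other.example.test/",  # U+2100 expands to a/c
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(is_safe_netloc(u), ascii(u), nfkc_delimiter_chars(authority(u)))
```
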
CVE-2019-9740
An issue was discovered in urllib2 where CRLF injection is possible
if the attacker controls a URL parameter, as demonstrated by the
first argument to urllib.request.urlopen with \r\n (specifically in