Mageia: 2020-1234 Critical Ruby Security Vulnerability Report
mageia
April 10, 2019
A vulnerability was found in Python 2.x through 2.7.16
Summary
A vulnerability was found in Python 2.x through 2.7.16. An improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization could lead to an Information Disclosure (credentials,
cookies, etc. that are cached against a given hostname) in the
urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than
when parsed correctly (CVE-2019-9636).
References
- https://bugs.mageia.org/show_bug.cgi?id=24640
- https://access.redhat.com/errata/RHSA-2019:0710
- https://www.cve.org/CVERecord?id=CVE-2019-9636
Resolution
SRPMS
- 6/core/python-2.7.15-1.3.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0148.html
Type: security
CVE: CVE-2019-9636
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!