Linux Security
Linux Security
Linux Security

Mageia 2021-0171: python-bottle security update

Date 02 Apr 2021
65
Posted By LinuxSecurity Advisories
Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the
MGASA-2021-0171 - Updated python-bottle packages fix security vulnerability

Publication date: 02 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0171.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-28473

Updated python-bottle packages fix security vulnerability:

python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using
a vector called parameter cloaking. When the attacker can separate query
parameters using a semicolon (;), they can cause a difference in the
interpretation of the request between the proxy (running with default
configuration) and the server. This can result in malicious requests being
cached as completely safe ones, as the proxy would usually not see the
semicolon as a separator, and therefore would not include it in a cache key
of an unkeyed parameter (CVE-2020-28473).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28219
- https://www.debian.org/lts/security/2021/dla-2531
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28473

SRPMS:
- 7/core/python-bottle-0.12.16-1.1.mga7

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"69","type":"x","order":"1","pct":75.82,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"181","title":"Hardly ever","votes":"8","type":"x","order":"3","pct":8.79,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.