Mageia 8: 2022-0367 Moderate: Python Mailcap And Urlparse Security Threats

October 13, 2022
Recent updates to Python libraries in Mageia address several vulnerabilities concerning mailcap and urlparse components.

Summary

- The mailcap module does not add escape characters into commands discovered in the system mailcap file. (CVE-2015-20107)

- A flaw in the Python FTP client allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. (CVE-2021-4189)

- The urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. (CVE-2022-0391)
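The urlparse issue (CVE-2022-0391) can also be guarded against in application code by rejecting control characters before a URL is parsed or reused. The following is an added example, not code from the Mageia advisory or the Python fix; `safe_urlsplit`, `UnsafeURL`, `interpreter_strips_newlines`, `triage` and the sample URLs are hypothetical names and constructed inputs.

```python
try:                                   # Python 3
    from urllib.parse import urlsplit
except ImportError:                    # Python 2.7, the package this advisory updates
    from urlparse import urlsplit
import re

# C0 control characters (includes \r, \n, \t) and DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


class UnsafeURL(ValueError):
    """Raised when a URL contains characters that enable line injection."""


def safe_urlsplit(url):
    """Split url, rejecting control characters instead of passing them on."""
    match = _CONTROL.search(url)
    if match:
        raise UnsafeURL("control character %r at offset %d"
                        % (match.group(), match.start()))
    return urlsplit(url)


def interpreter_strips_newlines():
    """Return True if this interpreter's own urlsplit drops \\r, \\n and \\t."""
    parts = urlsplit("http://example.invalid/a\r\nb\tc")
    return _CONTROL.search(parts.path) is None


def triage(urls):
    """Return (url, verdict) pairs for a batch of untrusted URLs."""
    results = []
    for url in urls:
        try:
            safe_urlsplit(url)
            results.append((url, "ok"))
        except UnsafeURL as exc:
            results.append((url, "rejected: %s" % exc))
    return results


# Constructed sample input, not taken from the advisory.
SAMPLES = [
    "https://example.invalid/index.html",
    "https://example.invalid/a\r\nX-Injected: 1",
    "https://example.invalid/a\tb",
]

if __name__ == "__main__":
    print("urlsplit strips newlines itself: %s" % interpreter_strips_newlines())
    for url, verdict in triage(SAMPLES):
        print("%-10s %r" % (verdict.split(":")[0], url))
```

`interpreter_strips_newlines()` reports whether the running interpreter's own `urlsplit` already removes these characters, which is useful as a post-update check; `safe_urlsplit` rejects the input either way.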

References

- https://bugs.mageia.org/show_bug.cgi?id=30572

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/

- https://ubuntu.com/security/notices/USN-5519-1

- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html

- https://www.cve.org/CVERecord?id=CVE-2015-20107

- https://www.cve.org/CVERecord?id=CVE-2021-4189

- https://www.cve.org/CVERecord?id=CVE-2022-0391

Resolution

SRPMS

- 8/core/python-2.7.18-7.5.mga8

Publication date: 13 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0367.html
Type: security
CVE: CVE-2015-20107, CVE-2021-4189, CVE-2022-0391
