Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 31: 2020-e33acdea18 Critical: Python2 Control Char Fix

Fix CVE-2020-26116: Reject control chars in HTTP method in httplib. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-e33acdea18 2020-10-30 01:14:56.947527 --------------------------------------------------------------------------------Name : python2 Product : Fedora 31 Version : 2.7.18 Release : 6.fc31 URL : https://www.python.org/ Summary : An interpreted, interactive, object-oriented programming language Description : Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line. Note that documentation for Python 2 is provided in the python2-docs package. This package provides the "python2" executable; most of the actual implementation is within the "python2-libs" package. --------------------------------------------------------------------------------Update Information: Fix CVE-2020-26116: Reject control chars in HTTP method in httplib --------------------------------------------------------------------------------ChangeLog: * Wed Sep 30 2020 Petr Viktorin - 2.7.18-6 - CVE-2020-26116: Reject control chars in HTTP method in httplib.putrequest * Tue Sep 29 2020 Petr Viktorin - 2.7.18-5 - Import patches from GitHub tree --------------------------------------------------------------------------------References: [ 1 ] Bug #1883248 - CVE-2020-26116 python2: python: CRLF injection via HTTP request method in httplib/http.client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1883248 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e33acdea18' at the command line. Formore information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . This report addresses CVE-2021-34322 impacting python3, providing insights on resolving issues with invalid inputs in URL parsing.. Fedora Update, Python2 Security Fix, HTTP Method Security. . Severity: Critical. LinuxSecurity.com Team

Oct 29, 2020 •Critical Fedora