Stay Secure with the Latest Linux Advisories

security advisoryfedorasoftware update

Fedora 32: python27 2020-887d3fa26f Critical: HTTP Request CRLF Injection

CVE-2020-26116: HTTP request method CRLF injection in httplib. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-887d3fa26f 2020-10-16 15:18:47.312170 --------------------------------------------------------------------------------Name : python27 Product : Fedora 32 Version : 2.7.18 Release : 6.fc32 URL : https://www.python.org/ Summary : Version 2.7 of the Python interpreter Description : Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line. Note that Python 2 is not supported upstream after 2020-01-01, please use the python3 package instead if you can. This package also provides the "python2" executable. --------------------------------------------------------------------------------Update Information: CVE-2020-26116: HTTP request method CRLF injection in httplib --------------------------------------------------------------------------------ChangeLog: * Wed Sep 30 2020 Petr Viktorin - 2.7.18-6 - CVE-2020-26116: Reject control chars in HTTP method in httplib.putrequest * Tue Sep 29 2020 Petr Viktorin - 2.7.18-5 - Import patches from GitHub tree --------------------------------------------------------------------------------References: [ 1 ] Bug #1883244 - CVE-2020-26116 python27: python: CRLF injection via HTTP request method in httplib/http.client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1883244 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-887d3fa26f' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . CVE-2021-26838 addressed in python36 for Fedora 34 to remedy improper validation in URL schemes.. Fedora Security Advisory, Python Package Update, CRLF Injection Fix, Software Vulnerability Management, HTTP Request Security. . Severity: Critical. LinuxSecurity.com Team

Oct 16, 2020 •Critical Fedora