GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Mar 15, 2020 6:26 pm Post subject: [ GLSA 202003-26 ] Python |
 |
|
Gentoo Linux Security Advisory
Title: Python: Multiple vulnerabilities (GLSA 202003-26)
Severity: normal
Exploitable: local, remote
Date: 2020-03-15
Bug(s): #676700, #680246, #680298, #684838, #689822
ID: 202003-26
Synopsis
Multiple vulnerabilities have been found in Python, the worst of
which could result in a Denial of Service condition.
Background
Python is an interpreted, interactive, object-oriented programming
language.
Affected Packages
Package: dev-lang/python
Vulnerable: < 2.7.17
Vulnerable: < 3.5.7
Vulnerable: < 3.6.9
Vulnerable: < 3.7.4
Unaffected: >= 2.7.17
Unaffected: >= 3.5.7
Unaffected: >= 3.6.9
Unaffected: >= 3.7.4
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Python. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly perform a CRLF injection attack, obtain
sensitive information, trick Python into sending cookies to the wrong
domain or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Python 2.7.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.17:2.7"
|
All Python 3.5.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.5.7:3.5/3.5m"
|
All Python 3.6.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.9:3.6/3.6m"
|
All Python 3.7x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.4:3.7/3.7m"
|
References
CVE-2018-20852
CVE-2019-5010
CVE-2019-9636
CVE-2019-9740
CVE-2019-9947
CVE-2019-9948 |
|
News & Announcements
