RHSA-2019:3335MediumCVSS 8.8
Red Hat Security Advisory: python27:2.7 security and bug fix update
🔗 CVE IDs covered (6)
📋 Description
CVE-2019-6446 — numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution CVE-2019-9740 — python: CRLF injection via the query part of the url passed to urlopen() CVE-2019-9947 — python: CRLF injection via the path part of the url passed to urlopen() CVE-2019-9948 — python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms CVE-2019-11236 — python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11324 — python-urllib3: Certification mishandle when error should be thrown
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2019:3335
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1667950
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1680967
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1688169
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1695570
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1695572
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1700824
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1700993
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1702473
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1709599
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1718398
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1734126
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3335.json