RHSA-2020:4285MediumCVSS 8.0
Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update
🔗 CVE IDs covered (7)
📋 Description
CVE-2019-16935 — python: XSS vulnerability in the documentation XML-RPC server in server_title field CVE-2019-18348 — python: CRLF injection via the host part of the url passed to urlopen() CVE-2019-20907 — python: infinite loop in the tarfile module via crafted TAR archive CVE-2019-20916 — python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py CVE-2020-8492 — python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS CVE-2020-14422 — python: DoS via inefficiency in IPv{4,6}Interface classes CVE-2020-26116 — python: CRLF injection via HTTP request method in httplib/http.client
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2020:4285
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1727276
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1763229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1809065
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826520
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1854926
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1856481
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1868135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1873080
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1883014
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4285.json