The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Python

computer vulnerability alert 23906

Python: information disclosure via Typo Squatting

Synthesis of the vulnerability

An attacker created packages with similar names, to invite administrators to install them on Python, in order to obtain sensitive information.
Impacted products: Python.
Severity: 3/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 22/09/2017.
Identifiers: skcsirt-sa-20170909-pypi-malicious-code, VIGILANCE-VUL-23906.

Description of the vulnerability

An attacker created packages with similar names, to invite administrators to install them on Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-1000158

Python: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Python.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/09/2017.
Identifiers: bpo-30500, bpo-30730, bulletinapr2018, bulletinjul2018, CVE-2017-1000158, DLA-1189-1, DLA-1190-1, DLA-1519-1, DLA-1520-1, DSA-4307-1, FEDORA-2017-2d441a1d98, FEDORA-2017-2e5a17c4cc, FEDORA-2017-677069c484, FEDORA-2017-6be762ea64, FEDORA-2017-7fe2c4bc0e, FEDORA-2017-99d12bf610, FEDORA-2017-a41f6a8078, FEDORA-2017-cf8c62747a, FEDORA-2017-e0abe14016, issue30657, openSUSE-SU-2018:1415-1, SUSE-SU-2018:1372-1, USN-3496-1, USN-3496-2, USN-3496-3, VIGILANCE-VUL-23866.

Description of the vulnerability

Several vulnerabilities were announced in Python.

An attacker can use a vulnerability via Windows Environment Variables Injection, in order to run code. [severity:2/4; bpo-30730]

An attacker can bypass security features via urllib.splithost(), in order to escalate his privileges. [severity:2/4; bpo-30500]

An attacker can generate an integer overflow via PyString_DecodeEscape(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-1000158, issue30657]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-9063

expat: integer overflow via XML_Parse

Synthesis of the vulnerability

An attacker can generate an integer overflow via XML_Parse() of expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Fedora, openSUSE Leap, Python, Slackware, Nessus.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/07/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, CERTFR-2018-AVI-288, CVE-2016-9063, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, VIGILANCE-VUL-23211.

Description of the vulnerability

An attacker can generate an integer overflow via XML_Parse() of expat, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-9233

expat: infinite loop

Synthesis of the vulnerability

An attacker can generate an infinite loop of expat, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, openSUSE Leap, Solaris, Python, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/06/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinjul2017, CERTFR-2018-AVI-288, CVE-2017-9233, DLA-990-1, DSA-3898-1, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, USN-3356-1, USN-3356-2, VIGILANCE-VUL-22988.

Description of the vulnerability

An attacker can generate an infinite loop of expat, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-9840 CVE-2016-9841 CVE-2016-9842

zlib: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of zlib.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, AIX, DB2 UDB, Domino, MQSeries, Notes, Security Directory Server, SPSS Statistics, Kubernetes, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Oracle OIT, Solaris, Percona Server, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, zlib.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, bulletinoct2018, CERTFR-2018-AVI-288, cpujul2018, cpuoct2017, cpuoct2018, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, DLA-1725-1, FEDORA-2018-242f6c1a41, FEDORA-2018-55b875c1ac, HT208144, ibm10718843, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, openSUSE-SU-2018:3478-1, openSUSE-SU-2019:0327-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SSA:2018-309-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:3542-1, SUSE-SU-2018:3972-1, SUSE-SU-2018:4211-1, SUSE-SU-2019:0119-1, SUSE-SU-2019:0555-1, TNS-2018-08, VIGILANCE-VUL-21262.

Description of the vulnerability

Several vulnerabilities were announced in zlib.

An attacker can generate a memory corruption via Deflate External Linkage, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

A pointer error may have a consequence. [severity:1/4]

An attacker can force a read at an invalid address via inftrees.c, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]

A negative number shift is undefined. [severity:1/4; CVE-2016-9842]

An attacker can force a read at an invalid address via Big-endian Pointer, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-1000104 CVE-2016-1000105 CVE-2016-1000107

Web servers: creating client queries via the Proxy header

Synthesis of the vulnerability

An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script creating web client queries, so they go through attacker's proxy.
Impacted products: Apache httpd, Tomcat, Mac OS X, Debian, Drupal Core, eZ Publish, Fedora, HP-UX, QRadar SIEM, Junos Space, NSM Central Manager, NSMXpress, lighttpd, IIS, nginx, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Perl Module ~ not comprehensive, PHP, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, TrendMicro ServerProtect, TYPO3 Core, Ubuntu, Varnish.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/07/2016.
Identifiers: 1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, USN-3585-1, VIGILANCE-VUL-20143, VU#797896.

Description of the vulnerability

Most web servers support CGI scripts (PHP, Python, etc.).

According to the RFC 3875, when a web server receives a Proxy header, it has to create the HTTP_PROXY environment variable for CGI scripts.

However, this variable is also used to store the name of the proxy that web clients has to use. The PHP (via Guzzle, Artax, etc.) and Python scripts will thus use the proxy indicated in the web query for all client queries they will send during the CGI session.

An attacker can therefore send a query with a malicious Proxy header to a web service hosting a CGI script creating web client queries, so they go through attacker's proxy.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-4472

expat: denial of service via a CHM file

Synthesis of the vulnerability

An attacker can raise a fatal error in pointer arithmetic in expat, while processing a CHM file, in order to make expat crash.
Impacted products: Fedora, Notes, WebSphere AS Traditional, Python, Slackware, Nessus, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/06/2016.
Identifiers: 1988026, 1990421, 1990658, CERTFR-2018-AVI-288, CVE-2016-4472, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, SSA:2016-359-01, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, USN-3013-1, VIGILANCE-VUL-19932.

Description of the vulnerability

An attacker can raise a fatal error in pointer arithmetic in expat, while processing a CHM file, in order to make expat crash.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-5699

Python: header tampering via urllib2, urllib

Synthesis of the vulnerability

An attacker can change the HTTP request created by urllib.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 17/06/2016.
Identifiers: bulletinjul2016, CVE-2016-5699, DLA-1663-1, DLA-522-1, FEDORA-2016-34ca5273e9, FEDORA-2016-6c2b74bb96, FEDORA-2016-b046b56518, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, SP-CAAAPSR, SPL-128812, SUSE-SU-2019:0223-1, USN-3134-1, VIGILANCE-VUL-19925.

Description of the vulnerability

The urllib module of the Python library is an HTTP client.

However, the urllib module accepts HTTP headers at the end of the URL. The headers will be inserted before the ones added by urllib.

An attacker can therefore change the HTTP request created by urllib.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-0772

Python: TLS disabling in smtplib

Synthesis of the vulnerability

An attacker can make the creation of a TLS tunnel by the smtplib module of Python, in order to read sent mails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading, data flow.
Provenance: LAN.
Creation date: 16/06/2016.
Identifiers: bulletinjul2016, CVE-2016-0772, DLA-1663-1, DLA-522-1, DLA-871-1, FEDORA-2016-105b80d1be, FEDORA-2016-13be2ee499, FEDORA-2016-2869023091, FEDORA-2016-34ca5273e9, FEDORA-2016-5c52dcfe47, FEDORA-2016-6c2b74bb96, FEDORA-2016-a0853405eb, FEDORA-2016-aae6bb9433, FEDORA-2016-b046b56518, FEDORA-2016-e37f15a5f4, FEDORA-2016-ef784cf9f7, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, SP-CAAAPSR, SPL-128812, SUSE-SU-2019:0223-1, USN-3134-1, VIGILANCE-VUL-19915.

Description of the vulnerability

The Python library includes a SMTP client.

This library enables a TLS tunnel. However, it does not check the status code of the STARTTLS command and accept to continue the SMTP session in plain text. An attacker who can hijack the traffic can insert an error after the STARTTLS command to disable the encryption.

An attacker can therefore make the creation of a TLS tunnel by the smtplib module of Python, in order to read sent mails.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-5636

Python: buffer overflow via zipimporter

Synthesis of the vulnerability

An attacker can generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/06/2016.
Identifiers: bulletinjul2016, CVE-2016-5636, DLA-1663-1, DLA-522-1, FEDORA-2016-308f78b2f4, FEDORA-2016-32e5a8c3a8, FEDORA-2016-9932f852c7, FEDORA-2016-d3a529aad6, FEDORA-2016-e63a732c9d, FEDORA-2016-eff21665e7, HT207615, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, RHSA-2016:2586-02, SP-CAAAPSR, SPL-128812, SUSE-SU-2018:2408-1, SUSE-SU-2019:0223-1, USN-3134-1, VIGILANCE-VUL-19873.

Description of the vulnerability

The Python product includes a module to manage Zip archive.

A Zip entry includes a flag "compressed ?" and size of the file entry, before and after compression. However, when an entry states "compressed" and one of the data size is -1, an integer overflow occurs, which leads to a heap based buffer overflow when the content of the archive entry is read.

An attacker can therefore generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Python: