Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2021-0435
HistorySep 23, 2021 - 7:49 a.m.

Updated python3 packages fix security vulnerability

2021-09-2307:49:29
Gentoo Foundation
advisories.mageia.org
46
python3
security
vulnerability
bpo-42278
bpo-44394
bpo-43124
bpo-36384
cve-2013-0340
cve-2021-3733
cve-2021-3737
windows
macos
smtplib
ipaddress
glibc
ubuntu 16.04 esm
denial of service
server responses

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.3%

JSON

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733) It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpython3< 3.8.12-1python3-3.8.12-1.mga8

Related

openvas 48
nessus 62
ubuntu 4
debian 1
fedora 4
ibm 8
osv 15
suse 4
cloudfoundry 1
mageia 1
freebsd 4
cbl_mariner 3
ubuntucve 3
cvelist 4
almalinux 3
redhat 4
rocky 2
debiancve 3
slackware 1
prion 4
veracode 3
cve 4
oraclelinux 3
nvd 4
redhatcve 2
cloudlinux 1
hackerone 1
amazon 2
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0435)
2022-01-28 00:00:00
openSUSE: Security Advisory for python (openSUSE-SU-2021:1418-1)
2021-11-01 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1052)
2022-02-12 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1214)
2022-02-25 00:00:00
openSUSE 15 Security Update : python (openSUSE-SU-2021:3489-1)
2021-10-21 00:00:00
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2021:3489-1)
2021-10-21 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2021-12-17 00:00:00
Python vulnerabilities
2021-09-16 00:00:00
Python vulnerabilities
2021-12-17 00:00:00
debian
debian
[SECURITY] [DLA 2808-1] python3.5 security update
2021-11-05 09:21:01
fedora
fedora
[SECURITY] Fedora 34 Update: python2.7-2.7.18-15.fc34
2021-09-29 01:10:03
[SECURITY] Fedora 35 Update: python2.7-2.7.18-15.fc35
2021-09-24 20:59:13
[SECURITY] Fedora 34 Update: mingw-python3-3.9.4-3.fc34
2021-09-30 01:15:07
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
2022-06-29 02:19:10
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
2018-06-17 15:49:59
Security Bulletin: IBM Security Guardium Insights is affected by multipe vulnerabilities
2022-02-04 21:33:23
osv
osv
python3.6 vulnerabilities
2021-12-17 14:53:00
python3.5 - security update
2021-11-05 00:00:00
python3.4, python3.5 vulnerabilities
2021-09-16 17:27:34
suse
suse
Security update for python (moderate)
2021-10-20 00:00:00
Security update for python (moderate)
2021-10-31 00:00:00
Security update for python3 (moderate)
2021-12-16 00:00:00
cloudfoundry
cloudfoundry
USN-5199-1: Python vulnerabilities | Cloud Foundry
2022-03-08 00:00:00
mageia
mageia
Updated python packages fix security vulnerability
2021-10-02 21:57:04
freebsd
freebsd
Python -- multiple vulnerabilities
2021-08-30 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
texproc/expat2 -- billion laugh attack
2013-02-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2013-0340 affecting package expat 2.2.6-4
2022-01-10 03:59:19
CVE-2021-3733 affecting package python2 2.7.18-9
2022-08-12 16:45:09
CVE-2021-3737 affecting package python3 3.7.10-7
2022-04-07 06:04:03
ubuntucve
ubuntucve
CVE-2013-0340
2014-01-21 00:00:00
CVE-2021-3733
2021-09-02 00:00:00
CVE-2021-3737
2021-08-31 00:00:00
cvelist
cvelist
CVE-2013-0340
2014-01-21 18:00:00
CVE-2021-3733
2022-03-07 00:00:00
CVE-2021-3737
2022-03-04 00:00:00
almalinux
almalinux
Moderate: python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
Moderate: python3 security update
2021-11-02 07:48:14
Moderate: python27:2.7 security update
2022-05-10 08:02:50
redhat
redhat
(RHSA-2022:1764) Moderate: python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
2022-05-02 07:48:36
(RHSA-2021:4057) Moderate: python3 security update
2021-11-02 07:48:14
rocky
rocky
python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
python27:2.7 security update
2022-05-10 08:02:50
debiancve
debiancve
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-3733
2022-03-10 17:42:59
CVE-2021-3737
2022-03-04 19:15:08
slackware
slackware
[slackware-security] expat
2021-05-23 19:55:46
prion
prion
Xxe
2014-01-21 18:55:00
Authentication flaw
2022-03-10 17:42:00
Design/Logic Flaw
2022-03-04 19:15:00
veracode
veracode
XML External Entities (XXE)
2019-06-12 07:55:17
Denial Of Service
2021-09-03 01:56:52
Denial Of Service (DoS)
2021-09-26 11:39:17
cve
cve
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-3733
2022-03-10 17:42:59
CVE-2021-3737
2022-03-04 19:15:08
oraclelinux
oraclelinux
python38:3.8 and python38-devel:3.8 security update
2022-05-17 00:00:00
python3 security update
2021-11-02 00:00:00
python27:2.7 security update
2022-05-17 00:00:00
nvd
nvd
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-3733
2022-03-10 17:42:59
CVE-2021-3737
2022-03-04 19:15:08
redhatcve
redhatcve
CVE-2021-3733
2021-08-31 15:31:19
CVE-2021-3737
2021-08-26 08:00:05
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3737
2022-03-22 14:15:13
hackerone
hackerone
Internet Bug Bounty: "urllib" will result to deny of service
2021-05-07 17:14:22
amazon
amazon
Medium: python27
2022-05-31 23:47:00
Medium: python
2022-05-31 23:50:00

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.3%

JSON
Related for MGASA-2021-0435
openvas48nessus62ubuntu4debian1fedora4ibm8osv15suse4cloudfoundry1mageia1freebsd4cbl_mariner3ubuntucve3cvelist4almalinux3redhat4rocky2debiancve3slackware1prion4veracode3cve4oraclelinux3nvd4redhatcve2cloudlinux1hackerone1amazon2