python3.5 is vulnerable to arbitrary file read. Running pydoc -p
allows other local users to extract arbitrary files. The /getfile?key=path
URL allows to read arbitrary file on the file system.
bugzilla.redhat.com/show_bug.cgi?id=1935913
lists.debian.org/debian-lts-announce/2021/04/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
lists.fedoraproject.org/archives/list/[email protected]/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
lists.fedoraproject.org/archives/list/[email protected]/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
lists.fedoraproject.org/archives/list/[email protected]/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
lists.fedoraproject.org/archives/list/[email protected]/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
lists.fedoraproject.org/archives/list/[email protected]/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
lists.fedoraproject.org/archives/list/[email protected]/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
security-tracker.debian.org/tracker/CVE-2021-3426
security.gentoo.org/glsa/202104-04
security.netapp.com/advisory/ntap-20210629-0003/
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html