python-2.6.6-68.0.1.AXS4
エラータID: AXSA:2019-3919:02
リリース日:
2019/07/02 Tuesday - 09:22
題名:
python-2.6.6-68.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Python の urllib.parse.urlsplit、urllib.parse.urlparse には、NFKC
正規化を行っている際の Unicode エンコードの不適切な処理のため、巧妙に細工
された URL を介して、認証情報、クッキーなどの情報を漏らしてしまう脆弱性が
あります。(CVE-2019-9636)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
追加情報:
N/A
ダウンロード:
SRPMS
- python-2.6.6-68.0.1.AXS4.src.rpm
MD5: f907f6970628631598d729d72081bd03
SHA-256: f5e269a9bdd44a8b86a53b6fc48ce655433985b2264c74702507b3e9a6dd2734
Size: 10.76 MB
Asianux Server 4 for x86
- python-2.6.6-68.0.1.AXS4.i686.rpm
MD5: 87f620a95894128f9c981efa89e85df8
SHA-256: c8f06ba0c8fa7fa97d2a113127ef057d32faa249e17c547faa5c99bea1eccbcd
Size: 75.95 kB - python-devel-2.6.6-68.0.1.AXS4.i686.rpm
MD5: e33af153737cf91e11b1eea0852ba7bf
SHA-256: 2a4bdc42d3d8c80598a42b3792f3361d2a9fc087473f98f61c9c94e8886dedcc
Size: 172.77 kB - python-libs-2.6.6-68.0.1.AXS4.i686.rpm
MD5: 1cc78b68ac67daf8e8a5841711daf326
SHA-256: 836ce8647b9d29d68c064a63f81f615b4a49782647151bdc611616254589a7d7
Size: 5.29 MB - tkinter-2.6.6-68.0.1.AXS4.i686.rpm
MD5: d614c2a6aff57d06f3216fea163f2b92
SHA-256: 9408a056bec7371ce74054281001b2d7a121ec7a848591b5322e3fe1228da38f
Size: 256.39 kB
Asianux Server 4 for x86_64
- python-2.6.6-68.0.1.AXS4.x86_64.rpm
MD5: 7bd92dbf2a4ba8221bf2e7025803dc8f
SHA-256: 9f39ee5a699923399c9ec3d3dba7c2562ff2194ee688c4b8af7e3ee00abd978b
Size: 75.57 kB - python-devel-2.6.6-68.0.1.AXS4.x86_64.rpm
MD5: 8fae57bbe081e7a8ad3eac8bd7dba68f
SHA-256: 1d92211fd88c4c1d3572ad15b07c5f4a02cd630c2811641d1750a8a1ff709a12
Size: 172.20 kB - python-libs-2.6.6-68.0.1.AXS4.x86_64.rpm
MD5: 8889cdf8493ad47f6700350c07f99351
SHA-256: 080f7fbb02227d5bcd46c3f2c14a4cf240ab767de07735d54e86825c000d4bd8
Size: 5.33 MB - tkinter-2.6.6-68.0.1.AXS4.x86_64.rpm
MD5: b65dbd780a94e4bba2b8a4d8da7af4d3
SHA-256: 7491cd0d50b6548135df5163cddabfd2f85c71119005b32763d3b6e5c6f7ab70
Size: 257.02 kB - python-libs-2.6.6-68.0.1.AXS4.i686.rpm
MD5: 1cc78b68ac67daf8e8a5841711daf326
SHA-256: 836ce8647b9d29d68c064a63f81f615b4a49782647151bdc611616254589a7d7
Size: 5.29 MB
English