python3-3.6.8-47.el8.ML.1
Errata ID: AXSA:2022-3849:02
Release date:
2022/09/16 Friday - 03:27
Title:
python3-3.6.8-47.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The mailcap module in Python does not add escape characters to
commands listed in the system mailcap file. As a result, a remote
attacker can use untrusted input to inject shell commands into
applications that call the mailcap.findmatch function.
(CVE-2015-20107)
- The urlparse method of the urllib.parse module does not sanitize
its input. As a result, an attacker can carry out CRLF injection
attacks by supplying a crafted URL. (CVE-2022-0391)
Solution:
Update the packages.
CVE:
CVE-2015-20107
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
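As an added illustration (not code from this advisory or from the Python project), the following shows one way an application can reject URLs that carry raw control characters such as '\r' and '\n' before they reach urllib.parse. The function names, the scheme allow-list and the sample URLs are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# C0 control characters (this range includes \r, \n and \t) plus DEL.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


class UnsafeURL(ValueError):
    """Raised when an untrusted URL fails validation."""


def parse_untrusted_url(url, allowed_schemes=("http", "https")):
    """Validate the raw string first, then parse it.

    The check runs on the unparsed input, so the verdict does not depend on
    whether the installed urllib.parse keeps or strips these characters.
    """
    match = _CONTROL_CHARS.search(url)
    if match:
        raise UnsafeURL("control character %r at offset %d"
                        % (match.group(), match.start()))
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise UnsafeURL("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise UnsafeURL("missing host")
    return parts


def audit(urls):
    """Return (url, verdict) pairs for a batch of URLs, e.g. from a log."""
    results = []
    for url in urls:
        try:
            parse_untrusted_url(url)
            results.append((url, "ok"))
        except UnsafeURL as exc:
            results.append((url, "rejected: %s" % exc))
    return results


# Constructed sample input, not taken from the advisory.
SAMPLES = [
    "https://example.com/docs/index.html",
    "https://example.com/path\r\nX-Injected: 1",
    "https://example.com/a\tb",
    "ftp://example.com/file",
]
```

Calling `audit(SAMPLES)` accepts only the first URL; the others are rejected with the offending character or scheme named in the verdict.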
Additional information:
N/A
Downloads:
SRPMS
- python3-3.6.8-47.el8.ML.1.src.rpm
Size: 18.23 MB
Asianux Server 8 for x86_64
- platform-python-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 84.87 kB
- platform-python-debug-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 2.69 MB
- platform-python-devel-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 249.43 kB
- python3-idle-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 826.26 kB
- python3-libs-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 7.81 MB
- python3-test-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 8.64 MB
- python3-tkinter-3.6.8-47.el8.ML.1.x86_64.rpm
Size: 371.66 kB
- platform-python-3.6.8-47.el8.ML.1.i686.rpm
Size: 84.80 kB
- platform-python-debug-3.6.8-47.el8.ML.1.i686.rpm
Size: 2.73 MB
- platform-python-devel-3.6.8-47.el8.ML.1.i686.rpm
Size: 248.76 kB
- python3-idle-3.6.8-47.el8.ML.1.i686.rpm
Size: 826.27 kB
- python3-libs-3.6.8-47.el8.ML.1.i686.rpm
Size: 7.88 MB
- python3-test-3.6.8-47.el8.ML.1.i686.rpm
Size: 8.65 MB
- python3-tkinter-3.6.8-47.el8.ML.1.i686.rpm
Size: 373.07 kB