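Vulnerability Details
Python Trust Management Issue Vulnerability
Vulnerability Summary
Python is an open-source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and runs on multiple platforms.
A trust management issue vulnerability exists in Python 2.7.x through 2.7.16 and 3.x through 3.7.2. An attacker can exploit it with a specially crafted URL to disclose information (cookies or authentication data).
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: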
https://bugs.python.org/issue36216
References
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:1467
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujan2020.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0981
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:3170
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0902
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
Source: MISC
Link: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
Source: BID
Link: https://www.securityfocus.com/bid/107400
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
Source: REDHAT
Link: https://access.redhat.com/errata/RHBA-2019:0764
Source: REDHAT
Link: https://access.redhat.com/errata/RHBA-2019:0763
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html
Source: UBUNTU
Link: https://usn.ubuntu.com/4127-1/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20190517-0001/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html
Source: MISC
Link: https://bugs.python.org/issue36216
Source: MISC
Link: https://github.com/python/cpython/pull/12201
Source: REDHAT
Link: https://access.redhat.com/errata/RHBA-2019:0959
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
Source: GENTOO
Link: https://security.gentoo.org/glsa/202003-26
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0710
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0997
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:2980
Source: BID
Link: http://www.securityfocus.com/bid/107400
Source: UBUNTU
Link: https://usn.ubuntu.com/4127-2/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0806
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2019:0765
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html
Source: www.oracle.com
Link: https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2019-5461367.html
Source: github.com
Link: https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5
Source: github.com
Link: https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
Source: github.com
Link: https://github.com/python/cpython/commit/16e6f7dee7f02bb81aa6b385b982dcdda5b99286
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1.html
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html
Source: access.redhat.com
Link: https://access.redhat.com/errata/RHSA-2019:0710
Source: access.redhat.com
Link: https://access.redhat.com/errata/RHSA-2019:0765
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2019/suse-su-20190972-1.html
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2019/suse-su-20190961-1.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/156748/Gentoo-Linux-Security-Advisory-202003-26.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.4645/
Source: www.securityfocus.com
Link: https://www.securityfocus.com/bid/107400
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujan2020verbose.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2421/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4254/
Source: us-cert.cisa.gov
Link: https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/79186
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0397/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/79430
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/152418/Red-Hat-Security-Advisory-2019-0710-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/152523/Red-Hat-Security-Advisory-2019-0765-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/78574
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/79222
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3176.2/
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9636
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3176/
Affected Entities
None at this time
Patches
- Fix for the Python security vulnerability<!--2019-3-8-->