MGASA-2016-0296

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0296.html

Import Source

https://advisories.mageia.org/MGASA-2016-0296.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0296

Related

CVE-2016-1000110

Published

2016-08-31T17:34:12Z

Modified

2016-08-31T17:26:28Z

Summary

Updated python3/python packages fix security vulnerability

Details

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the âProxyâ request header in their respective CGI implementations and languages by creating the âHTTP_PROXYâ environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attackers original request can be redirected to an attacker controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / python3

Package

Name: python3
Purl: pkg:rpm/mageia/python3?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.3-1.5.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / python

Package

Name: python
Purl: pkg:rpm/mageia/python?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.9-2.4.mga5

Ecosystem specific

{
    "section": "core"
}