First published: Mon Nov 24 2014
A vulnerability in Python's http, ftp and url libraries was reported, allowing injection of additional HTTP headers and more.

* Upstream bug: https://bugs.python.org/issue22928
* Upstream patches:
  * Python 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9
  * Python 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102

Additional note: when used in combination with the flaw described in BZ 1347549 (CVE-2016-10739, glibc: getaddrinfo should reject IP addresses with trailing characters), an attacker could direct an HTTP connection to a malicious server, using the following combined issues:

* Python's httplib does not validate HTTP header values. A malicious 'Host' header with quoted new lines can inject additional headers and more.
* glibc's getaddrinfo() ignores new lines and everything after a new line character when the first part looks like an IPv4 address.

See the following blog post for additional information: http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
Credit: secalert@redhat.com
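As an added example (not code from this advisory, from CPython, or from the linked patches), the two checks a client needs so that the combined issues above cannot chain: reject CR/LF in header names and values before anything is serialized, and reject any host that is not a plain hostname or IP literal before it reaches the resolver. The sample host values, the function names and the strict "no CR/LF at all" policy are my own assumptions (upstream's fix still tolerates RFC 7230 obs-fold continuation lines; this check is deliberately stricter). The last function only confirms that the running interpreter's `http.client` carries the fix, by checking that `putheader()` raises `ValueError`; `putheader()` buffers the line, so no socket is opened.

```python
import http.client
import ipaddress
import re

# Constructed sample values (not taken from the advisory).
SAFE_HOST = "example.com"
# A Host value carrying CR/LF: the shape the advisory describes, where an
# unvalidated header value lets an extra header line ride along.
SPLICED_HOST = "example.com\r\nX-Injected: 1"

_CTL = re.compile(r"[\r\n]")
# DNS labels: alnum, hyphens inside, max 63 chars, dot separated, optional trailing dot.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}\.?")


def is_illegal_header_value(value: str) -> bool:
    """True if a header name or value contains a bare CR or LF (stricter than upstream)."""
    return _CTL.search(value) is not None


def is_valid_host(host: str) -> bool:
    """Accept only hostname[:port], IPv4[:port] or [IPv6][:port].

    The glibc issue referenced above stops parsing at a newline when the prefix
    looks like an IPv4 address, so the resolver must never see control characters.
    """
    if _CTL.search(host):
        return False
    if host.startswith("["):  # bracketed IPv6 literal
        end = host.find("]")
        if end == -1:
            return False
        literal, rest = host[1:end], host[end + 1:]
        if rest and re.fullmatch(r":\d{1,5}", rest) is None:
            return False
        try:
            ipaddress.IPv6Address(literal)
        except ValueError:
            return False
        return True
    if ":" in host:
        host, _, port = host.rpartition(":")
        if re.fullmatch(r"\d{1,5}", port) is None:
            return False
    # fullmatch, not search/$: "$" would match before a trailing newline.
    return _HOSTNAME.fullmatch(host) is not None


def build_request(method: str, path: str, headers: dict) -> bytes:
    """Serialize a request head, refusing CR/LF in any header name or value."""
    for name, value in headers.items():
        if is_illegal_header_value(name) or is_illegal_header_value(value):
            raise ValueError(f"refusing header containing CR/LF: {name!r}")
    lines = [f"{method} {path} HTTP/1.1"] + [f"{n}: {v}" for n, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def stdlib_rejects_spliced_host() -> bool:
    """True when this interpreter's http.client validates header values.

    A fixed http.client raises ValueError from putheader(); an unfixed one
    would silently buffer the spliced line. Nothing is sent either way.
    """
    conn = http.client.HTTPConnection("127.0.0.1", 1)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", SPLICED_HOST)
    except ValueError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    print("safe host accepted:", is_valid_host(SAFE_HOST))
    print("spliced host rejected:", not is_valid_host(SPLICED_HOST))
    print("stdlib carries the fix:", stdlib_rejects_spliced_host())
```

Run `stdlib_rejects_spliced_host()` on each interpreter you ship; a `False` result means the interpreter predates the upstream patches listed above and should be updated to one of the fixed versions in the table.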
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python | <0:2.6.6-66.el6_8 | 0:2.6.6-66.el6_8 |
redhat/python | <0:2.7.5-38.el7_2 | 0:2.7.5-38.el7_2 |
redhat/python27-python | <0:2.7.8-18.el6 | 0:2.7.8-18.el6 |
redhat/python33-python | <0:3.3.2-18.el6 | 0:3.3.2-18.el6 |
redhat/rh-python34-python | <0:3.4.2-14.el6 | 0:3.4.2-14.el6 |
redhat/rh-python35-python | <0:3.5.1-9.el7 | 0:3.5.1-9.el7 |
redhat/python27-python | <0:2.7.8-16.el7 | 0:2.7.8-16.el7 |
redhat/python33-python | <0:3.3.2-16.el7 | 0:3.3.2-16.el7 |
redhat/rh-python34-python | <0:3.4.2-13.el7 | 0:3.4.2-13.el7 |
Python Python | <=2.7.9 | |
Python Python | =3.0 | |
Python Python | =3.0.1 | |
Python Python | =3.1.0 | |
Python Python | =3.1.1 | |
Python Python | =3.1.2 | |
Python Python | =3.1.3 | |
Python Python | =3.1.4 | |
Python Python | =3.1.5 | |
Python Python | =3.2.0 | |
Python Python | =3.2.1 | |
Python Python | =3.2.2 | |
Python Python | =3.2.3 | |
Python Python | =3.2.4 | |
Python Python | =3.2.5 | |
Python Python | =3.2.6 | |
Python Python | =3.3.0 | |
Python Python | =3.3.1 | |
Python Python | =3.3.2 | |
Python Python | =3.3.3 | |
Python Python | =3.3.4 | |
Python Python | =3.3.5 | |
Python Python | =3.3.6 | |
Python Python | =3.4.0 | |
Python Python | =3.4.1 | |
Python Python | =3.4.2 | |
Python Python | =3.4.3 | |