- Vulnerability/
- RHSA-2016:1628
RHSA-2016:1628: Moderate: python27-python security update
First published: Thu Aug 18 2016(Updated: )
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.<br>Security Fix(es):<br><li> It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)</li> <li> It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)</li> <li> It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)</li> Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/python27-python | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-debug | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-debuginfo | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-devel | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-libs | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-test | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python-tools | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-tkinter | <2.7.8-16.el7 | 2.7.8-16.el7 |
| redhat/python27-python | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-debug | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-debuginfo | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-devel | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-libs | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-test | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-python-tools | <2.7.8-18.el6 | 2.7.8-18.el6 |
| redhat/python27-tkinter | <2.7.8-18.el6 | 2.7.8-18.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2016:1628?
The severity of RHSA-2016:1628 is classified as moderate.
How do I fix RHSA-2016:1628?
To fix RHSA-2016:1628, you should update the affected Python packages to the recommended versions 2.7.8-16.el7 or 2.7.8-18.el6.
What versions of Python are affected by RHSA-2016:1628?
RHSA-2016:1628 affects Python versions 2.7.8-16.el7 and 2.7.8-18.el6.
Is RHSA-2016:1628 applicable to Red Hat Enterprise Linux?
Yes, RHSA-2016:1628 is specifically applicable to Red Hat Enterprise Linux (RHEL) installations.
What types of Python packages does RHSA-2016:1628 impact?
RHSA-2016:1628 impacts various Python packages including python27-python, python27-python-devel, and python27-python-libs.
- collector/redhat-errata
- anchor-id/RHSA-2016:1628
- agent/title
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- package-manager/redhat