Описание
ELSA-2020-3911: python security update (MODERATE)
[2.7.5-89.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]
[2.7.5-89]
- Security fix for CVE-2019-16935 Resolves: rhbz#1797998
[2.7.5-88]
- Security fix for CVE-2019-16056 Resolves: rhbz#1750773
[2.7.5-87]
- Fix CVE-2018-20852 Resolves: rhbz#1741551
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
python
2.7.5-89.0.1.el7
python-debug
2.7.5-89.0.1.el7
python-devel
2.7.5-89.0.1.el7
python-libs
2.7.5-89.0.1.el7
python-test
2.7.5-89.0.1.el7
python-tools
2.7.5-89.0.1.el7
tkinter
2.7.5-89.0.1.el7
Oracle Linux x86_64
python
2.7.5-89.0.1.el7
python-debug
2.7.5-89.0.1.el7
python-devel
2.7.5-89.0.1.el7
python-libs
2.7.5-89.0.1.el7
python-test
2.7.5-89.0.1.el7
python-tools
2.7.5-89.0.1.el7
tkinter
2.7.5-89.0.1.el7
Связанные CVE
Связанные уязвимости
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
The documentation XML-RPC server in Python through 2.7.16, 3.x through ...
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.