CVE-2016-1000110: [SECURITY] Fedora 23 Update: python-2.7.11-8.fc23 - package-announce
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-970edb82d4
2016-08-23 09:31:44.260550
--------------------------------------------------------------------------------

Name        : python
Product     : Fedora 23
Version     : 2.7.11
Release     : 8.fc23
URL         : http://www.python.org/
Summary     : An interpreted, interactive, object-oriented programming language
Description :
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface.

Note that documentation for Python is provided in the python-docs package.

This package provides the "python" executable; most of the actual implementation is within the "python-libs" package.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2016-1000110 HTTPoxy attack
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1359175 - CVE-2016-1000110 python: Python CGIHandler: sets environmental variable based on user supplied Proxy request header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1359175
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update python' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
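The name clash described above, and a check that the interpreter in use ignores it, as an added example (not part of the advisory and not the Python project's code). It is written for Python 3's `urllib.request`; the helper names, the header values and the `.invalid` hosts are constructed for illustration.

```python
import os
import urllib.request
from unittest import mock


def cgi_environ(method, headers):
    """Model of the CGI (RFC 3875) rule: header 'X-Y' becomes variable HTTP_X_Y."""
    env = {"REQUEST_METHOD": method, "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def strip_proxy_header(env):
    """Gateway-side mitigation: never hand a client 'Proxy' header to the script."""
    return {k: v for k, v in env.items() if k != "HTTP_PROXY"}


def proxies_seen_by_script(env):
    """Proxy map that urllib in this interpreter derives from the given environment."""
    with mock.patch.dict(os.environ, env, clear=True):
        return urllib.request.getproxies_environment()


# Constructed sample values; the hosts are placeholders, not real proxies.
CLIENT_HEADERS = {"Host": "app.example", "Proxy": "http://proxy.example.invalid:8080"}
OPERATOR_PROXY = "http://egress.example.invalid:3128"

if __name__ == "__main__":
    env = cgi_environ("GET", CLIENT_HEADERS)
    # The request header lands on the same name as the proxy setting.
    print("HTTP_PROXY set from header:", env.get("HTTP_PROXY"))
    # A fixed interpreter drops upper-case HTTP_PROXY when REQUEST_METHOD is set.
    print("urllib inside CGI         :", proxies_seen_by_script(env))
    print("after gateway stripping   :", proxies_seen_by_script(strip_proxy_header(env)))
    # Lower-case http_proxy cannot come from a header, so it is still honoured.
    print("operator http_proxy in CGI:",
          proxies_seen_by_script({**env, "http_proxy": OPERATOR_PROXY}))
    # Outside CGI (no REQUEST_METHOD) upper-case HTTP_PROXY remains a normal setting.
    print("HTTP_PROXY outside CGI    :",
          proxies_seen_by_script({"HTTP_PROXY": OPERATOR_PROXY}))
```

If the second line of output shows an `http` entry, the interpreter predates the fix; stripping the `Proxy` header at the web server or gateway protects scripts either way.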