SB2019042215 - Input validation error in python2-tkinter (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-9636)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing data in Unicode encoding with an incorrect netloc during NFKC normalization. A remote attacker can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=fa23adfbfb1cbac13db3251e811e4e0773e8b6b8
• https://git.alpinelinux.org/aports/commit/?id=5372bc29f308df62681eb2d705259cd5cc9b5448
• https://git.alpinelinux.org/aports/commit/?id=c01f27f5016fb801d36ffea67177a9f2f6b6f784
• https://git.alpinelinux.org/aports/commit/?id=881a54816216d011d1d27286df2693851c86caef
• https://git.alpinelinux.org/aports/commit/?id=40a4951871b0a2e718de6a07e0772730fc280d06
• https://git.alpinelinux.org/aports/commit/?id=e9bd8a37793b2737c60e8aabb4e30540de6420cc
• https://git.alpinelinux.org/aports/commit/?id=9c34a237cf52d34f870ec322b8a00a19f72b4616
• https://git.alpinelinux.org/aports/commit/?id=63295e4a667669a5dadf360d6a5e0d3ca67af2c1
• https://git.alpinelinux.org/aports/commit/?id=9b8d163f3a9143f9623a5320355ce9901a8f0feb
• https://git.alpinelinux.org/aports/commit/?id=2757235ef94f59233d2dc36eff13adabb4b91306
• https://git.alpinelinux.org/aports/commit/?id=7c21d88133f9983684374fb245b39b92e0bef5b8
• https://git.alpinelinux.org/aports/commit/?id=47b45e6408f07c2789e3662d06f25e1c434a9d6a
• https://git.alpinelinux.org/aports/commit/?id=66574119245fb529a95130df97be423d3f6218e8
• https://git.alpinelinux.org/aports/commit/?id=9d48a71d9895becc1428522aee341f26034aa3ab