SB2019091050 - Fedora 31 update for python34

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019091050

SB2019091050 - Fedora 31 update for python34

Published: September 10, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019091050
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2019-16056)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing multiple occurrences of the "@" character in an email address. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.


2) Input validation error (CVE-ID: CVE-2019-10160)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user and password parts of a URL. This issue exists due to incorrect patch for previous issue described in SB2019030811 (CVE-2019-9636). A remote attacker can gain access to sensitive information.


3) Input validation error (CVE-ID: CVE-2019-9636)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing data in Unicode encoding with an incorrect netloc during NFKC normalization. A remote attacker can gain access to sensitive information.


Remediation

Install update from vendor's website.

References