SB2019101203 - Input validation error in python2-tkinter (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-16056)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing multiple occurrences of the "@" character in an email address. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=8135de912b23c9bd9649fa7b6a59ec455529b7af
• https://git.alpinelinux.org/aports/commit/?id=99c195369d53843a8a4f186257072600a773bbde
• https://git.alpinelinux.org/aports/commit/?id=b98b6bd76527ff7e722baece7a94e43ddb008a9d
• https://git.alpinelinux.org/aports/commit/?id=c01f27f5016fb801d36ffea67177a9f2f6b6f784
• https://git.alpinelinux.org/aports/commit/?id=881a54816216d011d1d27286df2693851c86caef
• https://git.alpinelinux.org/aports/commit/?id=40a4951871b0a2e718de6a07e0772730fc280d06
• https://git.alpinelinux.org/aports/commit/?id=e9bd8a37793b2737c60e8aabb4e30540de6420cc
• https://git.alpinelinux.org/aports/commit/?id=9c34a237cf52d34f870ec322b8a00a19f72b4616
• https://git.alpinelinux.org/aports/commit/?id=32551f10cc7789a36283459beaadc2c6a9be0101
• https://git.alpinelinux.org/aports/commit/?id=df74bb35f4ace14f0d6d6edbeca3fc6f1e74d66a
• https://git.alpinelinux.org/aports/commit/?id=bab9a458665985f45b83a039c4f46b732a37b420
• https://git.alpinelinux.org/aports/commit/?id=41e574563a228c690047bb1b5c88c58978a2cfd5
• https://git.alpinelinux.org/aports/commit/?id=836b3a9938b9cc2baaf9884096cf298a80707a87
• https://git.alpinelinux.org/aports/commit/?id=aff70ee75a54dac4ce36137ef9d8e1d80e3f4c74
• https://git.alpinelinux.org/aports/commit/?id=0562e86c76fdabc97dfe78d850621ebd4360561a