SB2021040783 - Fedora 32 update for python3, python3-docs

Security Bulletin ID SB2021040783

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2021-3426)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Binding Support Function (Python) component in Oracle Communications Cloud Native Core Binding Support Function. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

2) Input validation error (CVE-ID: CVE-2021-23336)

The vulnerability allows a remote attacker to perform web cache spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2021-b6b6093b3a

SB2021040783 - Fedora 32 update for python3, python3-docs

Breakdown by Severity

Description

Remediation

References

Please verify you're human