Bug 1688169 (CVE-2019-9740) - CVE-2019-9740 python: CRLF injection via the query part of the url passed to urlopen()
Summary: CVE-2019-9740 python: CRLF injection via the query part of the url passed to ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-9740
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1688170 1688657 1692983 1692984 1703458 1704362 1704364 1704365 1704366 1704367 1704368 1704369 1704370 1704371 1704372 1706849 1706850 1706851 1706852 1706853 1706854 1706855 1709391 1709407 1802736 1802737 1802738 1802739 1802740 1802741
Blocks: 1688174
Reported: 2019-03-13 10:20 UTC by Dhananjay Arunesh
Modified: 2021-02-16 22:16 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:50:42 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1260 0 None None None 2019-05-22 12:01:52 UTC
Red Hat Product Errata RHSA-2019:2030 0 None None None 2019-08-06 12:04:51 UTC
Red Hat Product Errata RHSA-2019:3335 0 None None None 2019-11-05 20:37:59 UTC
Red Hat Product Errata RHSA-2019:3520 0 None None None 2019-11-05 21:06:43 UTC
Red Hat Product Errata RHSA-2019:3725 0 None None None 2019-11-06 09:45:22 UTC
Red Hat Product Errata RHSA-2020:1268 0 None None None 2020-04-01 08:34:17 UTC
Red Hat Product Errata RHSA-2020:1346 0 None None None 2020-04-07 09:33:35 UTC
Red Hat Product Errata RHSA-2020:1462 0 None None None 2020-04-14 17:39:54 UTC

Description Dhananjay Arunesh 2019-03-13 10:20:06 UTC
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.

Reference:
https://bugs.python.org/issue36276

Comment 1 Dhananjay Arunesh 2019-03-13 10:20:35 UTC
Created python-urllib3 tracking bugs for this issue:

Affects: fedora-all [bug 1688170]

Comment 2 Hardik Vyas 2019-03-14 07:38:07 UTC
[Deleted]

Comment 7 Riccardo Schirone 2019-04-05 15:19:45 UTC
> Reference:
> https://bugs.python.org/issue36276

This has been marked as duplicate of https://bugs.python.org/issue30458

Comment 10 Hardik Vyas 2019-04-26 14:01:09 UTC
Statement:

This issue affects:
* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, and there are no more planned releases prior to this date.

Comment 15 Riccardo Schirone 2019-05-06 11:57:43 UTC
Created python3 tracking bugs for this issue:

Affects: fedora-all [bug 1706851]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 1706855]
Affects: fedora-all [bug 1706852]


Created python35 tracking bugs for this issue:

Affects: fedora-all [bug 1706853]


Created python36 tracking bugs for this issue:

Affects: epel-7 [bug 1706854]
Affects: fedora-29 [bug 1706850]


Created python37 tracking bugs for this issue:

Affects: fedora-28 [bug 1706849]

Comment 16 Riccardo Schirone 2019-05-06 12:00:11 UTC
Upstream patch PR (merged upstream):
https://github.com/python/cpython/pull/12755

Comment 18 errata-xmlrpc 2019-05-22 12:01:51 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:1260

Comment 19 Riccardo Schirone 2019-07-05 07:50:52 UTC
This flaw is about CRLF sequences that are not properly handled in the Python built-in modules urllib/urllib2 in the *query* part of the url parameter of the urlopen() function.
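The behaviour described in the report and in Comment 19, shown from the defender's side as an added example (this is not code from the bug report, from Red Hat, or from CPython; the function names are mine). It flags raw control characters in a URL using the same character class the upstream fix applies in http.client, shows the safe way to attach untrusted query values (percent-encoding via urlencode), and probes offline whether the running interpreter carries the fix:

```python
import re
from http.client import HTTPConnection, InvalidURL
from urllib.parse import urlencode, urlsplit, urlunsplit

# Same character class the upstream fix (bpo-30458) checks in http.client:
# ASCII control characters, space and DEL are not allowed in the request-target.
_DISALLOWED = re.compile(r"[\x00-\x20\x7f]")


def has_crlf_injection(url: str) -> bool:
    """True if ``url`` carries a raw control character anywhere.

    Before the fix, a '\\r\\n' inside the query string reached the socket
    unchanged and terminated the request line, so whatever followed was
    parsed by the peer as additional lines (the issue this bug tracks).
    """
    return _DISALLOWED.search(url) is not None


def build_safe_url(base: str, params: dict) -> str:
    """Attach untrusted query parameters by percent-encoding them.

    urlencode() turns '\\r' into '%0D' and '\\n' into '%0A', so the result
    is safe to hand to urlopen() even on an unpatched interpreter.
    """
    parts = urlsplit(base)
    if has_crlf_injection(parts.netloc) or has_crlf_injection(parts.path):
        raise ValueError("base URL contains control characters")
    return urlunsplit(parts._replace(query=urlencode(params)))


def patched_client_rejects(path: str) -> bool:
    """Report whether this interpreter's http.client carries the fix.

    putrequest() only buffers the request line (no socket is opened), so
    this probe never touches the network. A fixed http.client raises
    InvalidURL on control characters; an unfixed one accepts the path.
    """
    conn = HTTPConnection("localhost", 80)
    try:
        conn.putrequest("GET", path)
    except InvalidURL:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    tainted = "http://example.com/?q=a\r\nb"  # constructed sample value
    print("raw url flagged:", has_crlf_injection(tainted))
    print("safe url:", build_safe_url("http://example.com/", {"q": "a\r\nb"}))
    print("interpreter patched:", patched_client_rejects("/?q=a\r\nb"))
```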

Comment 21 errata-xmlrpc 2019-08-06 12:04:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030

Comment 23 errata-xmlrpc 2019-11-05 20:37:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3335

Comment 24 errata-xmlrpc 2019-11-05 21:06:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520

Comment 25 errata-xmlrpc 2019-11-06 09:45:20 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725

Comment 27 errata-xmlrpc 2020-04-01 08:34:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:1268 https://access.redhat.com/errata/RHSA-2020:1268

Comment 28 errata-xmlrpc 2020-04-07 09:33:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions

Via RHSA-2020:1346 https://access.redhat.com/errata/RHSA-2020:1346

Comment 29 errata-xmlrpc 2020-04-14 17:39:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:1462 https://access.redhat.com/errata/RHSA-2020:1462

