A command injection vulnerability was found in Python 2.x and 3.x, specifically within the mailcap module. The mailcap core module implements the format documented in RFC 1524. The "findmatch()" function does not sanitise its second argument (the filename). As a result, the legitimate command (the one used for opening the specified MIME type) is concatenated with an arbitrary command injected by an attacker.
Ref: https://github.com/python/cpython/issues/68966 https://bugs.python.org/issue24778
Public announcement: https://mail.python.org/archives/list/security-announce@python.org/thread/QDSXNCW77UGULFG2JMDFZQ7H4DIR32LA/
Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2076508]
Created python2.7 tracking bugs for this issue: Affects: fedora-all [bug 2076509]
Created python3.10 tracking bugs for this issue: Affects: fedora-all [bug 2076510]
Created python3.11 tracking bugs for this issue: Affects: fedora-all [bug 2076511]
Created python3.5 tracking bugs for this issue: Affects: fedora-all [bug 2076512]
Created python3.6 tracking bugs for this issue: Affects: fedora-all [bug 2076513]
Created python3.7 tracking bugs for this issue: Affects: fedora-all [bug 2076514]
Created python3.8 tracking bugs for this issue: Affects: fedora-all [bug 2076515]
Created python3.9 tracking bugs for this issue: Affects: fedora-all [bug 2076516]
Created python34 tracking bugs for this issue: Affects: epel-all [bug 2076507]
Created pypy3 tracking bugs for this issue: Affects: fedora-34 [bug 2076526]
Created pypy tracking bugs for this issue: Affects: fedora-all [bug 2076533]
Created pypy3.7 tracking bugs for this issue: Affects: fedora-all [bug 2076530]
Created pypy3.8 tracking bugs for this issue: Affects: fedora-all [bug 2076531]
Created pypy3.9 tracking bugs for this issue: Affects: fedora-all [bug 2076532]
Here's a possible solution -- make mailcap fail to match with unsafe filenames: https://github.com/python/cpython/pull/91993 WDYT?
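The mitigation strategy described in the comment above (refuse to match rather than try to escape) can be illustrated with a small stand-alone sketch. This is an added example, not code from this bug report and not the CPython mailcap module or the linked pull request; the allow-list character class is modelled on that approach but is this example's own assumption, and the helper names (`is_safe_mailcap_input`, `build_view_command`, `UnsafeMailcapInput`) are hypothetical. It does not import the mailcap module, so it runs on Python versions where that module has been removed.

```python
import re
import warnings

# Allow-list gate (assumption modelled on the upstream fix's approach): any
# character outside word characters, a handful of punctuation characters that
# a shell does not interpret, and printable non-ASCII text is treated as unsafe.
_UNSAFE_CHAR = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search


class UnsafeMailcapInput(Warning):
    """Warning emitted when a filename or MIME type is refused."""


def is_safe_mailcap_input(value):
    """True when `value` contains no character a shell could interpret."""
    return _UNSAFE_CHAR(value) is None


def build_view_command(template, mimetype, filename):
    """Expand a mailcap 'view' template such as 'less %s' for `filename`.

    Mirrors the defensive behaviour of refusing to produce a command at all
    when either substituted value is unsafe: the caller gets None and must
    fall back to another handler or a safe temporary filename.
    """
    for label, value in (("filename", filename), ("MIME type", mimetype)):
        if not is_safe_mailcap_input(value):
            warnings.warn(
                "Refusing to use mailcap with %s %r" % (label, value),
                UnsafeMailcapInput,
            )
            return None

    # Minimal RFC 1524 style substitution: %s -> filename, %t -> MIME type,
    # %% -> literal percent; any other escape is left untouched.
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            nxt = template[i + 1]
            if nxt == "s":
                out.append(filename)
            elif nxt == "t":
                out.append(mimetype)
            elif nxt == "%":
                out.append("%")
            else:
                out.append(ch + nxt)
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs: a plain filename is expanded, one containing
    # a shell metacharacter is refused (prints None and emits a warning).
    print(build_view_command("less %s", "text/plain", "report.txt"))
    print(build_view_command("less %s", "text/plain", "notes;draft.txt"))
```

The design point is that the caller controls neither the mailcap entry (it comes from the user's environment) nor, in many applications, the filename, so the safe choice is to reject the match and let the caller write the content to a temporary file with a name it generated itself.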
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6457 https://access.redhat.com/errata/RHSA-2022:6457
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6766 https://access.redhat.com/errata/RHSA-2022:6766
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7581 https://access.redhat.com/errata/RHSA-2022:7581
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7592 https://access.redhat.com/errata/RHSA-2022:7592
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7593 https://access.redhat.com/errata/RHSA-2022:7593
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8353 https://access.redhat.com/errata/RHSA-2022:8353
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2015-20107