Bug 690560 (CVE-2011-1521) - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
Summary: CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and fil...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-1521
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110324,reported=20110324,sou...
Depends On: 690570 693954 693955 693956 693960 693961
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-24 16:33 UTC by Jan Lieskovsky
Modified: 2019-06-08 18:47 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 13:42:55 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0491 normal SHIPPED_LIVE Moderate: python security update 2011-05-05 18:56:24 UTC
Red Hat Product Errata RHSA-2011:0492 normal SHIPPED_LIVE Moderate: python security update 2011-05-05 18:20:30 UTC
Red Hat Product Errata RHSA-2011:0554 normal SHIPPED_LIVE Moderate: python security, bug fix, and enhancement update 2011-05-19 11:35:29 UTC

Description Jan Lieskovsky 2011-03-24 16:33:22 UTC
A security flaw was found in the way handlers for ftp:// and
file:// URL schemes in the Python urllib and urllib2 extensible
libraries processed the urllib open URL request. A remote attacker
could use this flaw to access sensitive information or cause
a denial of service (excessive CPU and memory use) of a Python
web application, processing URLs, via a specially-crafted urllib
open URL request.

Comment 2 Jan Lieskovsky 2011-03-24 16:53:27 UTC
Upstream bug report with the details:
[1] http://bugs.python.org/issue11662

Comment 3 Jan Lieskovsky 2011-03-24 17:00:07 UTC
CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/03/24/5

Comment 4 Jan Lieskovsky 2011-03-24 17:01:18 UTC
Created python tracking bugs for this issue

Affects: fedora-all [bug 690570]

Comment 5 Jan Lieskovsky 2011-03-28 14:35:08 UTC
The CVE identifier of CVE-2011-1521 has been assigned to this issue
(http://www.openwall.com/lists/oss-security/2011/03/28/2).

Comment 19 errata-xmlrpc 2011-05-05 18:20:46 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0492 https://rhn.redhat.com/errata/RHSA-2011-0492.html

Comment 20 errata-xmlrpc 2011-05-05 18:56:35 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:0491 https://rhn.redhat.com/errata/RHSA-2011-0491.html

Comment 21 errata-xmlrpc 2011-05-19 11:35:35 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0554 https://rhn.redhat.com/errata/RHSA-2011-0554.html


Note You need to log in before you can comment on or make changes to this bug.