690560 – (CVE-2011-1521) CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

Bug 690560 (CVE-2011-1521) - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

Summary: CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and fil...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-1521
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	690570 693954 693955 693956 693960 693961
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-24 16:33 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:43 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-19 13:42:55 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0491	normal	SHIPPED_LIVE	Moderate: python security update	2011-05-05 18:56:24 UTC
Red Hat Product Errata	RHSA-2011:0492	normal	SHIPPED_LIVE	Moderate: python security update	2011-05-05 18:20:30 UTC
Red Hat Product Errata	RHSA-2011:0554	normal	SHIPPED_LIVE	Moderate: python security, bug fix, and enhancement update	2011-05-19 11:35:29 UTC

Description Jan Lieskovsky 2011-03-24 16:33:22 UTC

A security flaw was found in the way handlers for ftp:// and
file:// URL schemes in the Python urllib and urllib2 extensible
libraries processed the urllib open URL request. A remote attacker
could use this flaw to access sensitive information or cause
a denial of service (excessive CPU and memory use) of a Python
web application, processing URLs, via a specially-crafted urllib
open URL request.

Comment 2 Jan Lieskovsky 2011-03-24 16:53:27 UTC

Upstream bug report with the details:
[1] http://bugs.python.org/issue11662

Comment 3 Jan Lieskovsky 2011-03-24 17:00:07 UTC

CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/03/24/5

Comment 4 Jan Lieskovsky 2011-03-24 17:01:18 UTC

Created python tracking bugs for this issue

Affects: fedora-all [bug 690570]

Comment 5 Jan Lieskovsky 2011-03-28 14:35:08 UTC

The CVE identifier of CVE-2011-1521 has been assigned to this issue
(http://www.openwall.com/lists/oss-security/2011/03/28/2).

Comment 19 errata-xmlrpc 2011-05-05 18:20:46 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0492 https://rhn.redhat.com/errata/RHSA-2011-0492.html

Comment 20 errata-xmlrpc 2011-05-05 18:56:35 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:0491 https://rhn.redhat.com/errata/RHSA-2011-0491.html

Comment 21 errata-xmlrpc 2011-05-19 11:35:35 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0554 https://rhn.redhat.com/errata/RHSA-2011-0554.html

Note You need to log in before you can comment on or make changes to this bug.