Bug 690560 - (CVE-2011-1521) CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and fil...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20110324,reported=20110324,sou...
: Security
Depends On: 690570 693954 693955 693956 693960 693961
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-24 12:33 EDT by Jan Lieskovsky
Modified: 2015-07-31 08:37 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 09:42:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-03-24 12:33:22 EDT
A security flaw was found in the way handlers for ftp:// and
file:// URL schemes in the Python urllib and urllib2 extensible
libraries processed the urllib open URL request. A remote attacker
could use this flaw to access sensitive information or cause
a denial of service (excessive CPU and memory use) of a Python
web application, processing URLs, via a specially-crafted urllib
open URL request.
Comment 2 Jan Lieskovsky 2011-03-24 12:53:27 EDT
Upstream bug report with the details:
[1] http://bugs.python.org/issue11662
Comment 3 Jan Lieskovsky 2011-03-24 13:00:07 EDT
CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/03/24/5
Comment 4 Jan Lieskovsky 2011-03-24 13:01:18 EDT
Created python tracking bugs for this issue

Affects: fedora-all [bug 690570]
Comment 5 Jan Lieskovsky 2011-03-28 10:35:08 EDT
The CVE identifier of CVE-2011-1521 has been assigned to this issue
(http://www.openwall.com/lists/oss-security/2011/03/28/2).
Comment 19 errata-xmlrpc 2011-05-05 14:20:46 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0492 https://rhn.redhat.com/errata/RHSA-2011-0492.html
Comment 20 errata-xmlrpc 2011-05-05 14:56:35 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:0491 https://rhn.redhat.com/errata/RHSA-2011-0491.html
Comment 21 errata-xmlrpc 2011-05-19 07:35:35 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0554 https://rhn.redhat.com/errata/RHSA-2011-0554.html

Note You need to log in before you can comment on or make changes to this bug.