Bug 682554 - VUL-0: python urllib, urllib2: Improper management of ftp:// and file:// URL schemes
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
Whiteboard: obs:running:11857:important maint:rel...
Reported: 2011-03-25 07:46 UTC by Ludwig Nussel
Modified: 2020-05-06 17:16 UTC (History)
Found By: Other
Description Ludwig Nussel 2011-03-25 07:46:04 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

------------------------------------------------------------------------------
Date: Thu, 24 Mar 2011 17:59:33 +0100
From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: [oss-security] CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes


Hello Steve, vendors,

   A security flaw was found in the way handlers for ftp:// and
file:// URL schemes in the Python urllib and urllib2 extensible
libraries processed the urllib open URL request. A remote attacker
could use this flaw to access sensitive information or cause
a denial of service (excessive CPU and memory use) of a Python
web application, processing URLs, via a specially-crafted urllib
open URL request.

References:
[1] http://bugs.python.org/issue11662
[2] https://bugzilla.redhat.com/show_bug.cgi?id=690560

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
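The report above describes a redirect handler that would follow a Location header into a file:// or ftp:// URL. The following is an added example, not code from the bug report, from CPython or from the SUSE packages: a Python 3 (urllib.request, the successor of urllib2) redirect handler that only follows http and https targets, together with an offline check function. The class and function names, the placeholder hostnames and the sample Location values are all constructed for this example.

```python
import urllib.error
import urllib.parse
import urllib.request

# Schemes a redirect target may use. ftp:// is deliberately left out because
# the report above names it as a denial-of-service vector; widen this set only
# if the application really needs to follow ftp:// redirects.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


def redirect_is_allowed(newurl):
    """True only if the (already absolute) redirect target uses an allowed scheme."""
    scheme = urllib.parse.urlsplit(newurl).scheme.lower()
    return scheme in ALLOWED_REDIRECT_SCHEMES


class SchemeRestrictingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """HTTPRedirectHandler that refuses a Location header whose scheme is not
    http or https, so a redirect can never turn an HTTP fetch into a file://
    read or an ftp:// transfer.  (Hypothetical name, constructed for this example.)"""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # http_error_302 has already joined a relative Location with the
        # request URL, so newurl is absolute by the time it reaches us.
        if not redirect_is_allowed(newurl):
            raise urllib.error.HTTPError(
                newurl, code,
                "%s - redirection to url '%s' is not allowed" % (msg, newurl),
                headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def redirect_outcome(original_url, location):
    """Simulate the decision the handler makes for one 302 response.

    Returns the absolute URL the opener would fetch next, or None when the
    redirect is refused.  No network access: the Request and the Location
    value are constructed inline, and urljoin() mirrors what
    HTTPRedirectHandler.http_error_302 does before calling redirect_request.
    """
    handler = SchemeRestrictingRedirectHandler()
    req = urllib.request.Request(original_url)
    newurl = urllib.parse.urljoin(original_url, location)
    try:
        follow_up = handler.redirect_request(req, None, 302, "Found", None, newurl)
    except urllib.error.HTTPError:
        return None
    return follow_up.full_url


def build_restricted_opener():
    """Opener using the restricting handler.  build_opener() drops the stock
    HTTPRedirectHandler because ours subclasses it."""
    return urllib.request.build_opener(SchemeRestrictingRedirectHandler)


if __name__ == "__main__":
    # Constructed sample Location values; the hostnames are placeholders.
    for loc in ("https://app.example.test/home", "/home",
                "file:///srv/app/secret.cfg", "ftp://files.example.test/pub/"):
        print("%-32s -> %s" % (loc, redirect_outcome("http://app.example.test/login", loc)))
```

Use `build_restricted_opener().open(url)` in place of `urllib.request.urlopen(url)`; the only behavioural difference is that a redirect to a non-http(s) scheme now raises `HTTPError` instead of being followed. CPython's own fix for the tracker issue cited above performs a similar scheme check inside `http_error_302` but keeps ftp:// on its allow list, so this example is intentionally stricter than the upstream default.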
Comment 1 Ludwig Nussel 2011-03-29 07:07:33 UTC
CVE-2011-1521
Comment 2 Swamp Workflow Management 2011-04-04 11:56:43 UTC
The SWAMPID for this issue is 39921.
This issue was rated as moderate.
Please submit fixed packages until 2011-04-18.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 Jan Matejek 2011-05-02 16:54:47 UTC
11.2 is SR 69280
11.3 is SR 69281
11.4 is SR 69284
Factory is SR 69283
SLE 11 SP1 is ibs SR 11957 (applies to GA as well)

fix for bug 674646 is included (except in 11.4/factory which are unaffected)
the 11.4 submit also contains fix to bug 673071

fix for SLE10 will follow tomorrow, unless you say that we don't need it
Comment 4 Bernhard Wiedemann 2011-05-02 17:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (682554) was mentioned in
https://build.opensuse.org/request/show/69280 11.2 / python
https://build.opensuse.org/request/show/69281 11.3 / python
https://build.opensuse.org/request/show/69283 Factory / python
https://build.opensuse.org/request/show/69284 11.4 / python
Comment 5 Thomas Biege 2011-05-03 14:13:14 UTC
p5->p3 mass change
Comment 6 Jan Matejek 2011-05-04 15:30:51 UTC
SLE 10 SP4 is ibs SR 12005

that is all from me, handing over to security
Comment 7 Liu Shukui 2011-05-12 05:55:52 UTC
Sorry, after upgrading to python-2.6.0-8.12.2 on sles11sp1, I doubt whether this patch is applied.

sles11sp1-i386:~ # rpm -q python
python-2.6.0-8.12.2

sles11sp1-i386:~ # rpm -q --changelog python|grep 682554
sles11sp1-i386:~ #
Comment 8 Swamp Workflow Management 2011-05-12 14:24:26 UTC
Update released for: libpython2_6-1_0, libpython2_6-1_0-debuginfo, libpython2_7-1_0, libpython2_7-1_0-debuginfo, python, python-base, python-base-debuginfo, python-base-debugsource, python-curses, python-curses-debuginfo, python-debuginfo, python-debugsource, python-demo, python-devel, python-gdbm, python-gdbm-debuginfo, python-idle, python-tk, python-tk-debuginfo, python-xml, python-xml-debuginfo
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 9 Liu Shukui 2011-05-20 05:51:24 UTC
(In reply to comment #7)
> Sorry, after upgrading to python-2.6.0-8.12.2 on sles11sp1, I doubt that
> whether this patch is applied.
> 
> sles11sp1-i386:~ # rpm -q python
> python-2.6.0-8.12.2
> 
> sles11sp1-i386:~ # rpm -q --changelog python|grep 682554
> sles11sp1-i386:~ #

Is there any news?
Comment 10 Jan Matejek 2011-05-20 13:13:11 UTC
the changes are in our buildservice, apparently we're waiting on the update workflow for SLE
Comment 11 Ludwig Nussel 2011-05-20 14:52:18 UTC
the python changelog doesn't list the bug but the python-base one does ...
Comment 12 Liu Shukui 2011-05-23 02:55:53 UTC
(In reply to comment #11)
> the python changelog doesn't list the bug but the python-base one does ...

yes, it does.

sles11sp1-i386:~ # rpm -q --changelog python-base  |grep 682554
  (CVE-2011-1521, bnc#682554)

But, whether upgrading python or not, there is a segmentation fault on python.
So, what should I do next?

# python regrtest.py -u all

......

test_py3kwarn skipped -- test.test_py3kwarn must be run with the -3 flag
test_pyclbr
test_pydoc
test_pyexpat
Segmentation fault
#


The reproducible steps are like this:

install python-devel

cd /usr/lib/python/test

(on 64bit platforms this might be /usr/lib64/python/test)

python regrtest.py -u all
Comment 13 Jan Matejek 2011-05-23 11:45:13 UTC
this looks like bug 656779
make sure you don't have pyxml installed and retry
Comment 14 Jan Matejek 2011-05-23 11:47:29 UTC
also, this might be a good time to push the pyxml fix from the original bug 654050
Comment 15 Liu Shukui 2011-05-24 06:49:17 UTC
(In reply to comment #13)
> this looks like bug 656779
> make sure you don't have pyxml installed and retry

thanks, done.
Comment 16 Thomas Biege 2011-05-24 11:45:47 UTC
released
Comment 17 Swamp Workflow Management 2011-05-24 14:19:11 UTC
Update released for: python, python-32bit, python-curses, python-debuginfo, python-debuginfo-32bit, python-debuginfo-x86, python-debugsource, python-demo, python-gdbm, python-idle, python-tk, python-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 18 Swamp Workflow Management 2011-05-24 14:49:49 UTC
Update released for: python, python-32bit, python-64bit, python-curses, python-debuginfo, python-demo, python-devel, python-gdbm, python-idle, python-tk, python-x86, python-xml
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 19 Swamp Workflow Management 2011-05-24 15:15:06 UTC
Update released for: python, python-32bit, python-64bit, python-base, python-curses, python-debuginfo, python-demo, python-devel, python-gdbm, python-idle, python-tk, python-x86, python-xml
Products:
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2020-01-24 20:17:58 UTC
SUSE-SU-2020:0234-1: An update that solves 37 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436
CVE References: CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-2.7.17-7.32.2, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.