Main Vulnerability Database SB2023062655

SB2023062655 - Anolis OS update for python27:2.7 module

Published: June 26, 2023 Updated: March 28, 2025

Security Bulletin ID SB2023062655

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2023-24329)

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2023:0317

Vulnerable Software

Anolis OS: 8
python2-virtualenv: before 15.1.0-22
python2-tools: before 2.7.18-13
python2-tkinter: before 2.7.18-13
python2-test: before 2.7.18-13
python2-libs: before 2.7.18-13
python2-devel: before 2.7.18-13
python2-debug: before 2.7.18-13
python2: before 2.7.18-13
python2-pip-wheel: before 9.0.3-19.0.1
python2-pip: before 9.0.3-19.0.1
python2-numpy-doc: before 1.14.2-16.0.1
python2-numpy-f2py: before 1.14.2-16.0.1
python2-numpy: before 1.14.2-16.0.1
python2-wheel-wheel: before 0.31.1-3
python2-wheel: before 0.31.1-3
python2-urllib3: before 1.24.2-3
python2-six: before 1.11.0-6
python2-setuptools_scm: before 1.15.7-6
python2-setuptools-wheel: before 39.0.1-13
python2-setuptools: before 39.0.1-13
python2-rpm-macros: before 3-38
python2-requests: before 2.20.0-3
python2-pytz: before 2017.2-12
python2-pytest-mock: before 1.9.0-4
python2-pytest: before 3.4.2-13
python2-pysocks: before 1.6.8-6
python2-pygments: before 2.2.0-22
python2-py: before 1.5.3-6
python2-pluggy: before 0.6.0-8
python2-nose: before 1.3.7-31
python2-mock: before 2.0.0-13
python2-jinja2: before 2.10-9
python2-ipaddress: before 1.0.18-6
python2-idna: before 2.5-7
python2-funcsigs: before 1.0.2-13
python2-docutils: before 0.14-12
python2-docs-info: before 2.7.16-2
python2-docs: before 2.7.16-2
python2-dns: before 1.15.0-10
python2-chardet: before 3.0.4-10
python2-backports-ssl_match_hostname: before 3.5.0.1-12
python2-babel: before 2.5.1-10
python2-attrs: before 17.4.0-10
python2-PyMySQL: before 0.8.0-10
python-sqlalchemy-doc: before 1.3.2-2
python-nose-docs: before 1.3.7-31
babel: before 2.5.1-10
python2-sqlalchemy: before 1.3.2-2
python2-scipy: before 1.0.0-21
python2-pyyaml: before 3.12-16
python2-pymongo-gridfs: before 3.7.0-1.0.1
python2-pymongo: before 3.7.0-1.0.1
python2-psycopg2-tests: before 2.7.5-7.0.1
python2-psycopg2-debug: before 2.7.5-7.0.1
python2-psycopg2: before 2.7.5-7.0.1
python2-markupsafe: before 0.23-19
python2-lxml: before 4.2.3-6
python2-coverage: before 4.5.1-4
python2-bson: before 3.7.0-1.0.1
python2-backports: before 1.0-16
python2-Cython: before 0.28.1-7
python-psycopg2-doc: before 2.7.5-7.0.1

SB2023062655 - Anolis OS update for python27:2.7 module

Breakdown by Severity

Description

Remediation

References

Please verify you're human