Main Vulnerability Database SB2025032932

SB2025032932 - Anolis OS update for python27:2.7 module

Published: March 29, 2025

Security Bulletin ID SB2025032932

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2023-32681)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.

2) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2024:0143

Vulnerable Software

Anolis OS: 8
python2-tools: before 2.7.18-15.0.1
python2-tkinter: before 2.7.18-15.0.1
python2-test: before 2.7.18-15.0.1
python2-libs: before 2.7.18-15.0.1
python2-devel: before 2.7.18-15.0.1
python2-debug: before 2.7.18-15.0.1
python2: before 2.7.18-15.0.1
python2-requests: before 2.20.0-4
python2-pytz: before 2017.2-13
python2-scipy: before 1.0.0-22
python2-psycopg2-tests: before 2.7.5-8
python2-psycopg2-debug: before 2.7.5-8
python2-psycopg2: before 2.7.5-8
python2-coverage: before 4.5.1-5
python-psycopg2-doc: before 2.7.5-8
python2-virtualenv: before 15.1.0-22
python2-pip-wheel: before 9.0.3-19.0.1
python2-pip: before 9.0.3-19.0.1
python2-numpy-doc: before 1.14.2-16.0.1
python2-numpy-f2py: before 1.14.2-16.0.1
python2-numpy: before 1.14.2-16.0.1
python2-wheel-wheel: before 0.31.1-3
python2-wheel: before 0.31.1-3
python2-urllib3: before 1.24.2-3
python2-six: before 1.11.0-6
python2-setuptools_scm: before 1.15.7-6
python2-setuptools-wheel: before 39.0.1-13
python2-setuptools: before 39.0.1-13
python2-rpm-macros: before 3-38
python2-pytest-mock: before 1.9.0-4
python2-pytest: before 3.4.2-13
python2-pysocks: before 1.6.8-6
python2-pygments: before 2.2.0-22
python2-py: before 1.5.3-6
python2-pluggy: before 0.6.0-8
python2-nose: before 1.3.7-31
python2-mock: before 2.0.0-13
python2-jinja2: before 2.10-9
python2-ipaddress: before 1.0.18-6
python2-idna: before 2.5-7
python2-funcsigs: before 1.0.2-13
python2-docutils: before 0.14-12
python2-docs-info: before 2.7.16-2
python2-docs: before 2.7.16-2
python2-dns: before 1.15.0-10
python2-chardet: before 3.0.4-10
python2-backports-ssl_match_hostname: before 3.5.0.1-12
python2-babel: before 2.5.1-10
python2-attrs: before 17.4.0-10
python2-PyMySQL: before 0.8.0-10
python-sqlalchemy-doc: before 1.3.2-2
python-nose-docs: before 1.3.7-31
babel: before 2.5.1-10
python2-sqlalchemy: before 1.3.2-2
python2-pyyaml: before 3.12-16
python2-pymongo-gridfs: before 3.7.0-1.0.1
python2-pymongo: before 3.7.0-1.0.1
python2-markupsafe: before 0.23-19
python2-lxml: before 4.2.3-6
python2-bson: before 3.7.0-1.0.1
python2-backports: before 1.0-16
python2-Cython: before 0.28.1-7

SB2025032932 - Anolis OS update for python27:2.7 module

Breakdown by Severity

Description

Remediation

References

Please verify you're human