ID CVE-2016-5636
Summary Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • Python 3.0
    cpe:2.3:a:python:python:3.0
  • Python 3.0.1
    cpe:2.3:a:python:python:3.0.1
  • Python 3.1.0
    cpe:2.3:a:python:python:3.1.0
  • Python 3.1.1
    cpe:2.3:a:python:python:3.1.1
  • Python 3.1.2
    cpe:2.3:a:python:python:3.1.2
  • Python 3.1.3
    cpe:2.3:a:python:python:3.1.3
  • Python 3.1.4
    cpe:2.3:a:python:python:3.1.4
  • Python 3.1.5
    cpe:2.3:a:python:python:3.1.5
  • Python 3.2.0
    cpe:2.3:a:python:python:3.2.0
  • Python 3.2.1
    cpe:2.3:a:python:python:3.2.1
  • Python 3.2.2
    cpe:2.3:a:python:python:3.2.2
  • Python 3.2.3
    cpe:2.3:a:python:python:3.2.3
  • Python 3.2.4
    cpe:2.3:a:python:python:3.2.4
  • Python 3.2.5
    cpe:2.3:a:python:python:3.2.5
  • Python 3.2.6
    cpe:2.3:a:python:python:3.2.6
  • Python 3.3.0
    cpe:2.3:a:python:python:3.3.0
  • Python 3.3.1
    cpe:2.3:a:python:python:3.3.1
  • Python 3.3.2
    cpe:2.3:a:python:python:3.3.2
  • Python 3.3.3
    cpe:2.3:a:python:python:3.3.3
  • Python 3.3.4
    cpe:2.3:a:python:python:3.3.4
  • Python 3.3.5
    cpe:2.3:a:python:python:3.3.5
  • Python 3.3.6
    cpe:2.3:a:python:python:3.3.6
  • Python 3.4.0
    cpe:2.3:a:python:python:3.4.0
  • Python 3.4.1
    cpe:2.3:a:python:python:3.4.1
  • Python 3.4.2
    cpe:2.3:a:python:python:3.4.2
  • Python 3.4.3
    cpe:2.3:a:python:python:3.4.3
  • Python 3.4.4
    cpe:2.3:a:python:python:3.4.4
  • Python 2.7.11
    cpe:2.3:a:python:python:2.7.11
  • Python 3.5.0
    cpe:2.3:a:python:python:3.5.0
  • Python 3.5.1
    cpe:2.3:a:python:python:3.5.1
CVSS
Base: 10.0 (as of 02-09-2016 - 15:39)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value which can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1003.NASL
    description According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99850
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99850
    title EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1003)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D3A529AAD6.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92173
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92173
    title Fedora 23 : python (2016-d3a529aad6)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-EFF21665E7.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92336
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92336
    title Fedora 23 : python (2016-eff21665e7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-9932F852C7.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92271
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92271
    title Fedora 24 : python (2016-9932f852c7)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2586.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94549
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94549
    title RHEL 7 : python (RHSA-2016:2586)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-32E5A8C3A8.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92076
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92076
    title Fedora 23 : python3 (2016-32e5a8c3a8)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL
    description Python reports : Possible integer overflow and heap corruption in zipimporter.get_data()
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 91699
    published 2016-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91699
    title FreeBSD : Python -- Integer overflow in zipimport module (1d0f6852-33d8-11e6-a671-60a44ce6887b)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-5C52DCFE47.NASL
    description Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92251
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92251
    title Fedora 22 : python3 (2016-5c52dcfe47)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2586.NASL
    description From Red Hat Security Advisory 2016:2586 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94707
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94707
    title Oracle Linux 7 : python (ELSA-2016-2586)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E63A732C9D.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92297
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92297
    title Fedora 24 : python3 (2016-e63a732c9d)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_12_4.NASL
    description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 99134
    published 2017-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99134
    title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-18 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted index file using Python’s dumbdbm module, possibly resulting in execution of arbitrary code with the privileges of the process. A remote attacker could entice a user to process a specially crafted input stream using Python’s zipimporter module, possibly allowing attackers to cause unspecified impact. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-02-27
    plugin id 96399
    published 2017-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96399
    title GLSA-201701-18 : Python: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E37F15A5F4.NASL
    description Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92295
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92295
    title Fedora 22 : python (2016-e37f15a5f4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0223-1.NASL
    description This update for python fixes the following issues : Security issues fixed : CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121570
    published 2019-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121570
    title SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-724.NASL
    description It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flaw to inject additional headers in a Python application that allows user provided header name or values. (CVE-2016-5699) It was found that Python's smtplib library did not return an exception if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with ability to launch an active man in the middle attack could strip out the STARTTLS command without generating an exception on the python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772) A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 92471
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92471
    title Amazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2653-1.NASL
    description This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes : - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 94321
    published 2016-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94321
    title SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1663.NASL
    description This DLA fixes a problem parsing x509 certificates, a pickle integer overflow, and some other minor issues : CVE-2016-0772 The smtplib library in CPython does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a 'StartTLS stripping attack.' CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. CVE-2016-5699 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. CVE-2018-20406 Modules/_pickle.c has an integer overflow via a large LONG_BINPUT value that is mishandled during a 'resize to twice the size' attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. CVE-2019-5010 NULL pointer dereference using a specially crafted X509 certificate. For Debian 8 'Jessie', these problems have been fixed in version 3.4.2-1+deb8u2. We recommend that you upgrade your python3.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-08
    plugin id 122036
    published 2019-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122036
    title Debian DLA-1663-1 : python3.4 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2408-1.NASL
    description This update for python-base fixes the following issues: Security issues fixed : - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes : - bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112012
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112012
    title SUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2106-1.NASL
    description This update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93300
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93300
    title SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3134-1.NASL
    description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Remi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110) Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636) Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95284
    published 2016-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95284
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-997.NASL
    description This update for python3 fixes the following issues : - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)
    last seen 2019-02-21
    modified 2016-10-24
    plugin id 93069
    published 2016-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93069
    title openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2859-1.NASL
    description This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes : - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94969
    published 2016-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94969
    title SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)
  • NASL family CGI abuses
    NASL id SPLUNK_650.NASL
    description According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in Python, specifically in the get_data() function within file Modules/zipimport.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via negative data size values, to cause a denial of service condition or the possible execution of arbitrary code. (CVE-2016-5636) - A CRLF injection vulnerability exists in Python, specifically in the HTTPConnection.putheader() function within file Modules/zipimport.c. An unauthenticated, remote attacker can exploit this to inject arbitrary HTTP headers via CRLF sequences in a URL, allowing cross-site scripting (XSS) and other attacks. (CVE-2016-5699) - A flaw exists in Python within the smtplib library due to a failure to properly raise exceptions when smtp servers are able to negotiate starttls but fail to respond properly. A man-in-the-middle attacker can exploit this issue to bypass TLS protections via a 'StartTLS stripping attack.' (CVE-2016-0772) - An HTTP request injection vulnerability exists in Splunk that permits leakage of authentication tokens. An unauthenticated, remote attacker can exploit this to access the Splunk REST API with the same rights as the user. Note that the Python vulnerabilities stated above do not affect the Splunk Enterprise 6.4.x versions, and the HTTP request injection vulnerability does not affect the Splunk Light versions.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 94932
    published 2016-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94932
    title Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-22EAB18150.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92066
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92066
    title Fedora 24 : python3 (2016-22eab18150)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-308F78B2F4.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92329
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92329
    title Fedora 23 : python3 (2016-308f78b2f4)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_PYTHON_ON_SL7_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95857
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95857
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D5917E939E.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92175
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92175
    title Fedora 24 : python (2016-d5917e939e)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2586.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95332
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95332
    title CentOS 7 : python (CESA-2016:2586)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-906.NASL
    description Python was updated to fix three security issues. The following vulnerabilities were fixed:
      - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751)
      - CVE-2016-5636: zipimporter heap overflow (bsc#985177)
      - CVE-2016-5699: httplib header injection (bsc#985348)
      This update also includes all upstream bug fixes and improvements in Python 2.7.12. It also includes the following packaging changes:
      - reintroduce support for CA directory path
      The following tracked packaging issues were fixed:
      - broken overflow checks (bsc#964182)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92595
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92595
    title openSUSE Security Update : python (openSUSE-2016-906)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-522.NASL
    description
      - CVE-2016-0772: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
      - CVE-2016-5636: Issue #26171: Fix possible integer overflow and heap corruption in zipimporter.get_data().
      - CVE-2016-5699: Protocol injection can occur not only if an application sets a header based on user-supplied values, but also if the application ever tries to fetch a URL specified by an attacker (SSRF case) OR if the application ever accesses any malicious web server (redirection case).
      For Debian 7 'Wheezy', these problems have been fixed in version 2.7.3-6+deb7u3. We recommend that you upgrade your python2.7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91733
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91733
    title Debian DLA-522-1 : python2.7 security update
redhat via4
advisories
bugzilla
id 1345856
title CVE-2016-5636 python: Heap overflow in zipimporter module
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment python is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586011
      • comment python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554008
    • AND
      • comment python-debug is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586007
      • comment python-debug is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152101016
    • AND
      • comment python-devel is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586015
      • comment python-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554010
    • AND
      • comment python-libs is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586009
      • comment python-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554014
    • AND
      • comment python-test is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586005
      • comment python-test is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554016
    • AND
      • comment python-tools is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586017
      • comment python-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554012
    • AND
      • comment tkinter is earlier than 0:2.7.5-48.el7
        oval oval:com.redhat.rhsa:tst:20162586013
      • comment tkinter is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110554018
rhsa
id RHSA-2016:2586
released 2016-11-03
severity Low
title RHSA-2016:2586: python security, bug fix, and enhancement update (Low)
rpms
  • python-0:2.7.5-48.el7
  • python-debug-0:2.7.5-48.el7
  • python-devel-0:2.7.5-48.el7
  • python-libs-0:2.7.5-48.el7
  • python-test-0:2.7.5-48.el7
  • python-tools-0:2.7.5-48.el7
  • tkinter-0:2.7.5-48.el7
refmap via4
bid 91247
confirm
gentoo GLSA-201701-18
mlist
  • [debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update
  • [oss-security] 20160615 CVE Request: heap overflow in Python zipimport module
  • [oss-security] 20160616 Re: CVE Request: heap overflow in Python zipimport module
sectrack 1038138
Last major update 23-12-2016 - 21:59
Published 02-09-2016 - 10:59
Last modified 09-02-2019 - 06:29