CVE 2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.
Related bugs and status
CVE-2019-9948 (Candidate) is related to these bugs:
Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu) | Undecided | Fix Released | ||
| 1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Disco) | Undecided | Fix Released | ||
| 1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Cosmic) | Undecided | Fix Released | ||
| 1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Bionic) | Undecided | Fix Released | ||
Bug #1822993: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8
Bug #1835135: FIPS OpenSSL crashes Python2 hashlib
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu) | High | Triaged | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu Bionic) | Medium | Fix Released | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu Xenial) | Medium | Fix Released | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu Cosmic) | Undecided | Won't Fix | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu Eoan) | High | Won't Fix | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python2.7 (Ubuntu Disco) | Medium | Fix Released | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu) | Undecided | Invalid | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu Bionic) | Undecided | Invalid | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu Cosmic) | Undecided | Invalid | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu Disco) | Undecided | Invalid | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu Eoan) | Undecided | Invalid | ||
| 1835135 | FIPS OpenSSL crashes Python2 hashlib | python3.5 (Ubuntu Xenial) | Medium | Fix Released | ||
Bug #1835738: SRU: Update Python interpreter to 3.6.9 and 3.7.5
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3.7 (Ubuntu) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3-stdlib-extensions (Ubuntu) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3-stdlib-extensions (Ubuntu Disco) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3.7 (Ubuntu Disco) | Undecided | Won't Fix | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3-stdlib-extensions (Ubuntu Eoan) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3.7 (Ubuntu Eoan) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3-stdlib-extensions (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3.6 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1835738 | SRU: Update Python interpreter to 3.6.9 and 3.7.5 | python3.7 (Ubuntu Bionic) | Undecided | Fix Released | ||
Bug #1855133: SRU: update python2.7 to the 2.7.17 release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu) | Undecided | Fix Released | ||
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu) | Undecided | Fix Released | ||
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Eoan) | Undecided | Fix Released | ||
| 1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Eoan) | Undecided | Fix Released | ||
Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887438 | Controller-0 Not Ready after force rebooting active controller (Controller-1) | StarlingX | Medium | Fix Released | ||
Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1906470 | CVE-2019-11068: libxslt: bypass of protection mechanism | StarlingX | High | Fix Released | ||
Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1906471 | CVE-2019-17006: nss: crypto primitives missing length checks | StarlingX | High | Fix Released | ||
Bug #1908088: stx-tools: yum fails in Docker with misleading error messages
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908088 | stx-tools: yum fails in Docker with misleading error messages | StarlingX | Low | Fix Released | ||
Bug #1908297: populate_downloads.sh doesn't clean/backup old content
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908297 | populate_downloads.sh doesn't clean/backup old content | StarlingX | Low | Fix Released | ||
Bug #1908751: mirror-check.sh failes for layered build
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908751 | mirror-check.sh failes for layered build | StarlingX | Low | Triaged | ||
Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1910130 | Build of 'compile' layer fails due to missing python3 dependencies | StarlingX | Critical | Fix Released | ||
Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1912139 | CVE-2018-19519: tcpdump: a stack-based buffer over-read | StarlingX | Medium | Fix Released | ||
Bug #1912682: tools: Dockerfile: yum install silently ignores errors
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1912682 | tools: Dockerfile: yum install silently ignores errors | StarlingX | Low | Fix Released | ||
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released | ||
Bug #1917864: bash: shell commands are no longer logged to /var/log/bash.log
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917864 | bash: shell commands are no longer logged to /var/log/bash.log | StarlingX | High | Fix Released | ||
Bug #1917901: tb.sh create fails on rmdir /var/lib/mock
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917901 | tb.sh create fails on rmdir /var/lib/mock | StarlingX | High | Fix Released | ||
Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918154 | CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow | StarlingX | High | Fix Released | ||
Bug #1918477: download_mirror.sh is slow
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918477 | download_mirror.sh is slow | StarlingX | High | Fix Released | ||
Bug #1920024: linuxsoft.cern.ch is no longer responding
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1920024 | linuxsoft.cern.ch is no longer responding | StarlingX | High | Fix Released | ||
Bug #1923458: basearch not always set
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1923458 | basearch not always set | StarlingX | Medium | Fix Released | ||
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released | ||
Bug #1926372: CVE-2021-26937 screen segfault
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926372 | CVE-2021-26937 screen segfault | StarlingX | High | Fix Released | ||
Bug #1926987: Download_mirror.sh fails on 'flockflock'
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926987 | Download_mirror.sh fails on 'flockflock' | StarlingX | Critical | Fix Released | ||
Bug #1927137: Docker build env fails on git-review
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927137 | Docker build env fails on git-review | StarlingX | Critical | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
