{"id":"MGASA-2016-0296","summary":"Updated python3/python packages fix security vulnerability","details":"Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and\nvendors have implemented support for the “Proxy” request header in their\nrespective CGI implementations and languages by creating the “HTTP_PROXY”\nenvironmental variable based on the header value. When this variable is\nused (in many cases automatically by various HTTP client libraries) any\noutgoing requests generated in turn from the attackers original request\ncan be redirected to an attacker controlled proxy. This allows attackers\nto view potentially sensitive information, reply with malformed data, or\nto hold connections open causing a potential denial of service.\n","modified":"2026-02-04T04:11:13.024742Z","published":"2016-08-31T17:34:12Z","related":["CVE-2016-1000110"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0296.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19189"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359175"},{"type":"REPORT","url":"http://lwn.net/Vulnerabilities/697141/"},{"type":"REPORT","url":"https://bugs.python.org/issue27568"}],"affected":[{"package":{"name":"python3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-1.5.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0296.json"}},{"package":{"name":"python","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.9-2.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0296.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}