ELSA-2016-2586

Опубликовано: 09 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-2586: python security, bug fix, and enhancement update (LOW)

[2.7.5-48.0.1]

Add Oracle Linux distribution in platform.py [orabug 20812544]

[2.7.5-48]

Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359164

[2.7.5-47]

Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data() Resolves: rhbz#1356364

[2.7.5-46]

Drop patch 221 that backported sslwrap function since it was introducing regressions
Refactor patch 227 Resolves: rhbz#1331425

[2.7.5-45]

Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch)
Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346357

[2.7.5-44]

Fix iteration over files with very long lines Resolves: rhbz#1271760

[2.7.5-43]

Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/ Resolves: rhbz#1288426

[2.7.5-42]

JSON decoder lone surrogates fix Resolves: rhbz#1301017

[2.7.5-41]

Updated PEP493 implementation Resolves: rhbz#1315758

[2.7.5-40]

Backport of Computed Goto dispatch Resolves: rhbz#1289277

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

python

2.7.5-48.0.1.el7

python-debug

2.7.5-48.0.1.el7

python-devel

2.7.5-48.0.1.el7

python-libs

2.7.5-48.0.1.el7

python-test

2.7.5-48.0.1.el7

python-tools

2.7.5-48.0.1.el7

tkinter

2.7.5-48.0.1.el7

Связанные CVE

CVE-2016-5636

Ссылки на источники

Связанные уязвимости

CVE-2016-5636

CVSS3: 9.8

ubuntu

почти 9 лет назад

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.