Описание
Security update for python-setuptools
the following issue was fixed by this update: Non-RFC6125-compliant host name matching was incorrect (CVE-2013-7440 bnc#930189)
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
python-setuptools-1.1.7-7.1
SUSE Enterprise Storage 1.0
python-setuptools-1.1.7-7.1
SUSE Linux Enterprise Module for Containers 12
python-setuptools-1.1.7-7.1
SUSE Linux Enterprise Module for Public Cloud 12
python-setuptools-1.1.7-7.1
SUSE Linux Enterprise Software Development Kit 12
python-setuptools-1.1.7-7.1
Ссылки
- Link for SUSE-SU-2015:1298-1
- E-Mail link for SUSE-SU-2015:1298-1
- SUSE Security Ratings
- SUSE Bug 930189
- SUSE CVE CVE-2013-7440 page
Описание
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-setuptools-1.1.7-7.1
SUSE Enterprise Storage 1.0:python-setuptools-1.1.7-7.1
SUSE Linux Enterprise Module for Containers 12:python-setuptools-1.1.7-7.1
SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-1.1.7-7.1
Ссылки
- CVE-2013-7440
- SUSE Bug 930189
- SUSE Bug 930207