Описание
Recommended update for python-setuptools
python-setuptools was updated to fix one security issue.
The following vulnerability was fixed:
- CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect (bsc#930189)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Desktop 11 SP4
python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Software Development Kit 11 SP3
python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Software Development Kit 11 SP4
python-setuptools-0.6c11-6.1
Ссылки
- Link for SUSE-SU-2015:1651-1
- E-Mail link for SUSE-SU-2015:1651-1
- SUSE Security Ratings
- SUSE Bug 930189
- SUSE CVE CVE-2013-7440 page
Описание
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Desktop 11 SP4:python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Software Development Kit 11 SP3:python-setuptools-0.6c11-6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:python-setuptools-0.6c11-6.1
Ссылки
- CVE-2013-7440
- SUSE Bug 930189
- SUSE Bug 930207