Описание
Security update for python
This update for python fixes the following issues:
Security issue fixed:
- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libpython2_7-1_0-2.7.14-lp150.6.6.1
libpython2_7-1_0-32bit-2.7.14-lp150.6.6.1
python-2.7.14-lp150.6.6.1
python-32bit-2.7.14-lp150.6.6.1
python-base-2.7.14-lp150.6.6.1
python-base-32bit-2.7.14-lp150.6.6.1
python-curses-2.7.14-lp150.6.6.1
python-demo-2.7.14-lp150.6.6.1
python-devel-2.7.14-lp150.6.6.1
python-doc-2.7.14-lp150.6.6.1
python-doc-pdf-2.7.14-lp150.6.6.1
python-gdbm-2.7.14-lp150.6.6.1
python-idle-2.7.14-lp150.6.6.1
python-tk-2.7.14-lp150.6.6.1
python-xml-2.7.14-lp150.6.6.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0184-1
- SUSE Security Ratings
- SUSE Bug 1122191
- SUSE CVE CVE-2019-5010 page
Описание
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
Затронутые продукты
openSUSE Leap 15.0:libpython2_7-1_0-2.7.14-lp150.6.6.1
openSUSE Leap 15.0:libpython2_7-1_0-32bit-2.7.14-lp150.6.6.1
openSUSE Leap 15.0:python-2.7.14-lp150.6.6.1
openSUSE Leap 15.0:python-32bit-2.7.14-lp150.6.6.1
Ссылки
- CVE-2019-5010
- SUSE Bug 1122191
- SUSE Bug 1126909