Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Fedora 30: FEDORA-2019-0c91ce7b3c Critical: Python 2 Segfault Issues

fedora
Calendar Grey March 29, 2019
Dist Fedora Esm H88
Fedora's Python 2.7.16 receives a security patch aimed at enhancing OpenSSL 1.1.1, addressing major vulnerabilities and overall stability.
Update legacy Python to 2.7.16

Summary

The python2-docs package contains documentation on the Python 2

programming language and interpreter.

Install the python2-docs package if you'd like to use the documentation

for the Python 2 language.

Update legacy Python to 2.7.16. Most significant improvement is that is builds

against OpenSSL 1.1.1. See [upstream release

announcement](https://www.python.org/downloads/release/python-2716/) and

[changelog](https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16.rst)

(+ [rc1 changelog](rc1.rst)). Fixes the following CVEs: *

[CVE-2019-5010](https://access.redhat.com/security/cve/cve-2019-5010) Fix a NULL

pointer deref in ssl module. The cert parser did not handle CRL distribution

points with empty DP or URI correctly. A malicious or buggy certificate can

result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and

Nicolas Edet of Cisco. *

[CVE-2013-1752](https://access.redhat.com/security/cve/cve-2013-1752): Change

use of readline() in `imaplib.IMAP4_SSL` to limit line length.

([CVE-2018-14647](https://access.redhat.com/security/cve/cve-2018-14647) is

listed in upstream changelog, but it was already backported in Fedora.) Note

that Python 2 is deprecated in Fedora 30 and users are advised to switch to

Python 3. Upstream support of Python 2 ends on 2020-01-01.

[ 1 ] Bug #1643450 - Python 2 is built against an old OpenSSL (1.0.1) while 1.1.1 is available in F29

https://bugzilla.redhat.com/show_bug.cgi?id=1643450

su -c 'dnf upgrade --advisory FEDORA-2019-0c91ce7b3c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security issue critical software update Fedora OpenSSL python2

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 2.7.16
Release: 1.fc30
URL: https://www.python.org/
Summary: Documentation for the Python 2 programming language

Topics%20covered

Topics Covered

security advisory security issue critical software update Fedora OpenSSL python2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here