MGASA-2019-0135 - Updated python3 packages fix security vulnerability

Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0135.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14647,
     CVE-2018-20406,
     CVE-2019-5010,
     CVE-2019-9636

Python's elementtree C accelerator failed to initialise Expat's hash salt
during initialization. This could make it easy to conduct denial of service
attacks against Expat by contructing an XML document that would cause
pathological hash collisions in Expat's internal data structures, consuming
large amounts CPU and RAM (CVE-2018-14647).

Modules/_pickle.c in Python before 3.5.7 has an integer overflow via a large
LONG_BINPUT value that is mishandled during a "resize to twice the size"
attempt. This issue might cause memory exhaustion, but is only relevant if
the pickle format is used for serializing tens or hundreds of gigabytes of
data
(CVE-2018-20406).

A null pointer dereference vulnerability was found in the certificate
parsing code in Python. This causes a denial of service to applications when
parsing specially crafted certificates. This vulnerability is unlikely to be
triggered if application enables SSL/TLS certificate validation and accepts
certificates only from trusted root certificate authorities (CVE-2019-5010).

A vulnerability was found in Python 3.x through 3.5.7. An improper Handling
of Unicode Encoding (with an incorrect netloc) during NFKC normalization could
lead to an Information Disclosure (credentials, cookies, etc. that are cached
against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse
components. A specially crafted URL could be incorrectly parsed to locate
cookies or authentication data and send that information to a different host
than when parsed correctly (CVE-2019-9636).

The python3 package has been updated to version 3.5.7, fixing these and other
issues.

References:
- https://bugs.mageia.org/show_bug.cgi?id=23664
- https://pythoninsider.blogspot.com/2019/03/python-3.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7QEHDSATR6O6LCG44EN2DA4QDAYBYWW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636

SRPMS:
- 6/core/python3-3.5.7-1.mga6

Mageia 2019-0135: python3 security update

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization

Summary

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (CVE-2018-14647).
Modules/_pickle.c in Python before 3.5.7 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data (CVE-2018-20406).
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities (CVE-2019-5010).
A vulnerability was found in Python 3.x through 3.5.7. An improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization could lead to an Information Disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse components. A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly (CVE-2019-9636).
The python3 package has been updated to version 3.5.7, fixing these and other issues.

References

- https://bugs.mageia.org/show_bug.cgi?id=23664

- https://pythoninsider.blogspot.com/2019/03/python-3.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7QEHDSATR6O6LCG44EN2DA4QDAYBYWW/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636

Resolution

MGASA-2019-0135 - Updated python3 packages fix security vulnerability

SRPMS

- 6/core/python3-3.5.7-1.mga6

Severity
Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0135.html
Type: security
CVE: CVE-2018-14647, CVE-2018-20406, CVE-2019-5010, CVE-2019-9636

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved