Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 3 Dec 2013 20:07:20 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: python on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: python security, bug fix, and enhancement update Advisory ID: SLSA-2013:1582-2 Issue Date: 2013-11-21 CVE Numbers: CVE-2013-4238 -- A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) -- SL6 x86_64 python-2.6.6-51.el6.x86_64.rpm python-debuginfo-2.6.6-51.el6.x86_64.rpm python-libs-2.6.6-51.el6.x86_64.rpm tkinter-2.6.6-51.el6.x86_64.rpm python-devel-2.6.6-51.el6.x86_64.rpm python-test-2.6.6-51.el6.x86_64.rpm python-tools-2.6.6-51.el6.x86_64.rpm i386 python-2.6.6-51.el6.i686.rpm python-debuginfo-2.6.6-51.el6.i686.rpm python-libs-2.6.6-51.el6.i686.rpm tkinter-2.6.6-51.el6.i686.rpm python-devel-2.6.6-51.el6.i686.rpm python-test-2.6.6-51.el6.i686.rpm python-tools-2.6.6-51.el6.i686.rpm - Scientific Linux Development Team