Stay Secure with the Latest Linux Advisories

security advisoryFedorabug fix

Fedora 31: 2020-826b24c329 moderate: Python2 Tar Handling Update

Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-826b24c329 2020-08-06 03:56:53.814289 --------------------------------------------------------------------------------Name : python2 Product : Fedora 31 Version : 2.7.18 Release : 2.fc31 URL : https://www.python.org/ Summary : An interpreted, interactive, object-oriented programming language Description : Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line. Note that documentation for Python 2 is provided in the python2-docs package. This package provides the "python2" executable; most of the actual implementation is within the "python2-libs" package. --------------------------------------------------------------------------------Update Information: Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) --------------------------------------------------------------------------------ChangeLog: * Mon Jul 20 2020 Petr Viktorin - 2.7.18-2 - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1856481 --------------------------------------------------------------------------------References: [ 1 ] Bug #1856485 - CVE-2019-20907 python2: python: infinite loop in the tarfile module via crafted TAR archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1856485 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-826b24c329' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora enhances Python 2 to address endless loop problems in TAR file management, guaranteeing more secure file operations and system reliability.. Python 2 Update,Fedora Update Notification,TAR File Security Fix,File Handling Error. . LinuxSecurity.com Team

Aug 05, 2020 Fedora