Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 32: 2020-e9251de272 Critical: python27 Infinite Loop Mitigation

Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-e9251de272 2020-07-24 01:13:00.082811 --------------------------------------------------------------------------------Name : python27 Product : Fedora 32 Version : 2.7.18 Release : 2.fc32 URL : https://www.python.org/ Summary : Version 2.7 of the Python interpreter Description : Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line. Note that Python 2 is not supported upstream after 2020-01-01, please use the python3 package instead if you can. This package also provides the "python2" executable. --------------------------------------------------------------------------------Update Information: Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) --------------------------------------------------------------------------------ChangeLog: * Mon Jul 20 2020 Petr Viktorin - 2.7.18-2 - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1856481 --------------------------------------------------------------------------------References: [ 1 ] Bug #1856485 - CVE-2019-20907 python2: python: infinite loop in the tarfile module via crafted TAR archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1856485 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e9251de272' at the command line. For more information, refer to the dnf documentationavailable at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . This CentOS revision addresses a critical vulnerability in ruby25 that arises during the handling of specifically designed ZIP archives to enhance safety.. Fedora Update, python27 Security Fix, TAR File Vulnerability, Linux Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Jul 23, 2020 •Critical Fedora