FEDORA-2019-6e1938a3c5 created by churchyard 2 years ago for Fedora 29
stable

Security update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-6e1938a3c5

This update has been submitted for testing by churchyard.

2 years ago

This update has been pushed to testing.

2 years ago
pviktori commented & provided feedback 2 years ago

Works for me! CVE-2018-1060, -1061, -2019-5010 aren't easy to reproduce. I checked that the patches are in, not necessarily that the issues are solved.

BZ#1549192 CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
BZ#1563461 CVE-2018-1060 CVE-2018-1061 python35: various flaws [fedora-all]
BZ#1666519 CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate
BZ#1666527 CVE-2019-5010 python35: python: NULL pointer dereference using a specially crafted X509 certificate [fedora-all]
BZ#1688543 CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
BZ#1688550 CVE-2019-9636 python35: python: Information Disclosure due to urlsplit improper NFKC normalization [fedora-all]

This update has been submitted for batched by bodhi.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -1
Stable by Karma: 1
Stable by Time: disabled

Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago

BZ#1549192 CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib [0, 1]
BZ#1563461 CVE-2018-1060 CVE-2018-1061 python35: various flaws [fedora-all] [0, 1]
BZ#1664509 CVE-2018-20406 python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data [0, 0]
BZ#1664512 CVE-2018-20406 python35: python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data [fedora-all] [0, 0]
BZ#1666519 CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate [0, 1]
BZ#1666527 CVE-2019-5010 python35: python: NULL pointer dereference using a specially crafted X509 certificate [fedora-all] [0, 1]
BZ#1688543 CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization [0, 1]
BZ#1688550 CVE-2019-9636 python35: python: Information Disclosure due to urlsplit improper NFKC normalization [fedora-all] [0, 1]
