stable

python36-3.6.11-1.fc31

FEDORA-2020-ea5bdbcc90 created by churchyard 3 years ago for Fedora 31

Python 3.6.11

Python 3.6.11 is the latest security fix release of Python 3.6.

  • bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
  • bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.
  • bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Also fix a regression with the distutils.sysconfig.get_config_var('LIBPL') value in Fedora-specific patches.
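
A way to confirm that an interpreter carries the bpo-39073 and bpo-38576 fixes listed above. This is an added example, not part of the Fedora update or of CPython's test suite; the sample inputs and function names are constructed for illustration, and the CVE-2020-8492 regex fix is not covered because a timing check would be unreliable.

```python
import http.client
from email.headerregistry import Address

# Constructed inputs: each carries a CR or LF where none is legitimate.
ADDRESS_SAMPLES = [
    {"display_name": "Alice\r\nX-Injected: 1"},
    {"username": "alice\n", "domain": "example.test"},
    {"username": "alice", "domain": "example.test\r"},
]
HOST_SAMPLE = "example.test\r\nX-Injected"


def address_rejects_crlf():
    """bpo-39073: Address() must raise ValueError for every sample."""
    for kwargs in ADDRESS_SAMPLES:
        try:
            Address(**kwargs)
        except ValueError:
            continue
        return False  # object was built, so CR/LF would reach a header
    return True


def host_rejects_control_chars():
    """bpo-38576: HTTPConnection must raise InvalidURL for the sample host."""
    try:
        # Explicit port so no host:port parsing happens; nothing is sent,
        # because the constructor does not open a socket.
        http.client.HTTPConnection(HOST_SAMPLE, port=80)
    except http.client.InvalidURL:
        return True
    return False


def advisory_fixes_present():
    """Map each checked bpo issue to True when the fix is in effect."""
    return {
        "bpo-39073": address_rejects_crlf(),
        "bpo-38576": host_rejects_control_chars(),
    }


if __name__ == "__main__":
    for fix, ok in advisory_fixes_present().items():
        print(fix, "fixed" if ok else "NOT fixed")
```

Run it with the interpreter you want to check; a "NOT fixed" line means that interpreter predates the corresponding fix.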

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-ea5bdbcc90

This update has been submitted for testing by churchyard.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

This update can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 7 days
Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
BZ#1727276 CVE-2019-18348 python: CRLF injection via the host part of the url passed to urlopen()
BZ#1809065 CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
BZ#1851008 distutils module: sysconfig.get_config_var('LIBPL') returns non existing directory
