Updated python packages fix security vulnerabilities
Publication date: 22 Jun 2016Modification date: 22 Jun 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0772 , CVE-2016-5636 , CVE-2016-5699
Description
Updated python and python3 packages fixes security vulnerability:
- Heap overflow in zipimporter module (CVE-2016-5636).
- HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699).
- smtplib StartTLS stripping attack (CVE-2016-0772).
References
- https://bugs.mageia.org/show_bug.cgi?id=18691
- http://openwall.com/lists/oss-security/2016/06/16/1
- http://openwall.com/lists/oss-security/2016/06/16/2
- http://openwall.com/lists/oss-security/2016/06/14/9
- https://bugs.python.org/issue26171
- https://bugs.python.org/issue5124
- https://bugs.python.org/issue22928
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699
SRPMS
5/core
- python-2.7.9-2.3.mga5
- python3-3.4.3-1.4.mga5