Advisories » MGASA-2019-0084

Updated python packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-5010

Description

An exploitable denial-of-service vulnerability exists in the X509
certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted
X509 certificate can cause a NULL pointer dereference, resulting in a denial
of service. An attacker can initiate or accept TLS connections using crafted
certificates to trigger this vulnerability (CVE-2019-5010).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24340
• http://lists.suse.com/pipermail/sle-security-updates/2019-February/005089.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010

SRPMS

6/core

• python-2.7.15-1.2.mga6