Advisories ยป MGASA-2019-0084

Updated python packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-5010

Description

An exploitable denial-of-service vulnerability exists in the X509
certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted
X509 certificate can cause a NULL pointer dereference, resulting in a denial
of service. An attacker can initiate or accept TLS connections using crafted
certificates to trigger this vulnerability (CVE-2019-5010).
                

References

SRPMS

6/core