Advisories ยป MGASA-2019-0135

Updated python3 packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14647 , CVE-2018-20406 , CVE-2019-5010 , CVE-2019-9636

Description

Python's elementtree C accelerator failed to initialise Expat's hash salt
during initialization. This could make it easy to conduct denial of service
attacks against Expat by contructing an XML document that would cause
pathological hash collisions in Expat's internal data structures, consuming
large amounts CPU and RAM (CVE-2018-14647).

Modules/_pickle.c in Python before 3.5.7 has an integer overflow via a large
LONG_BINPUT value that is mishandled during a "resize to twice the size"
attempt. This issue might cause memory exhaustion, but is only relevant if
the pickle format is used for serializing tens or hundreds of gigabytes of
data
(CVE-2018-20406).

A null pointer dereference vulnerability was found in the certificate
parsing code in Python. This causes a denial of service to applications when
parsing specially crafted certificates. This vulnerability is unlikely to be
triggered if application enables SSL/TLS certificate validation and accepts
certificates only from trusted root certificate authorities (CVE-2019-5010).

A vulnerability was found in Python 3.x through 3.5.7. An improper Handling
of Unicode Encoding (with an incorrect netloc) during NFKC normalization could
lead to an Information Disclosure (credentials, cookies, etc. that are cached
against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse
components. A specially crafted URL could be incorrectly parsed to locate
cookies or authentication data and send that information to a different host
than when parsed correctly (CVE-2019-9636).

The python3 package has been updated to version 3.5.7, fixing these and other
issues.

References

SRPMS

6/core