python-2.6.6-68.0.1.AXS4

エラータID: AXSA:2019-3919:02

Release date: 
Tuesday, July 2, 2019 - 09:22
Subject: 
python-2.6.6-68.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

Solution: 

Update packages.

CVEs: 
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-2.6.6-68.0.1.AXS4.src.rpm
    MD5: f907f6970628631598d729d72081bd03
    SHA-256: f5e269a9bdd44a8b86a53b6fc48ce655433985b2264c74702507b3e9a6dd2734
    Size: 10.76 MB

Asianux Server 4 for x86
  1. python-2.6.6-68.0.1.AXS4.i686.rpm
    MD5: 87f620a95894128f9c981efa89e85df8
    SHA-256: c8f06ba0c8fa7fa97d2a113127ef057d32faa249e17c547faa5c99bea1eccbcd
    Size: 75.95 kB
  2. python-devel-2.6.6-68.0.1.AXS4.i686.rpm
    MD5: e33af153737cf91e11b1eea0852ba7bf
    SHA-256: 2a4bdc42d3d8c80598a42b3792f3361d2a9fc087473f98f61c9c94e8886dedcc
    Size: 172.77 kB
  3. python-libs-2.6.6-68.0.1.AXS4.i686.rpm
    MD5: 1cc78b68ac67daf8e8a5841711daf326
    SHA-256: 836ce8647b9d29d68c064a63f81f615b4a49782647151bdc611616254589a7d7
    Size: 5.29 MB
  4. tkinter-2.6.6-68.0.1.AXS4.i686.rpm
    MD5: d614c2a6aff57d06f3216fea163f2b92
    SHA-256: 9408a056bec7371ce74054281001b2d7a121ec7a848591b5322e3fe1228da38f
    Size: 256.39 kB

Asianux Server 4 for x86_64
  1. python-2.6.6-68.0.1.AXS4.x86_64.rpm
    MD5: 7bd92dbf2a4ba8221bf2e7025803dc8f
    SHA-256: 9f39ee5a699923399c9ec3d3dba7c2562ff2194ee688c4b8af7e3ee00abd978b
    Size: 75.57 kB
  2. python-devel-2.6.6-68.0.1.AXS4.x86_64.rpm
    MD5: 8fae57bbe081e7a8ad3eac8bd7dba68f
    SHA-256: 1d92211fd88c4c1d3572ad15b07c5f4a02cd630c2811641d1750a8a1ff709a12
    Size: 172.20 kB
  3. python-libs-2.6.6-68.0.1.AXS4.x86_64.rpm
    MD5: 8889cdf8493ad47f6700350c07f99351
    SHA-256: 080f7fbb02227d5bcd46c3f2c14a4cf240ab767de07735d54e86825c000d4bd8
    Size: 5.33 MB
  4. tkinter-2.6.6-68.0.1.AXS4.x86_64.rpm
    MD5: b65dbd780a94e4bba2b8a4d8da7af4d3
    SHA-256: 7491cd0d50b6548135df5163cddabfd2f85c71119005b32763d3b6e5c6f7ab70
    Size: 257.02 kB
  5. python-libs-2.6.6-68.0.1.AXS4.i686.rpm
    MD5: 1cc78b68ac67daf8e8a5841711daf326
    SHA-256: 836ce8647b9d29d68c064a63f81f615b4a49782647151bdc611616254589a7d7
    Size: 5.29 MB