python3-3.6.8-17.el7

Errata ID: AXSA:2020-630:02

Release date: Thursday, October 8, 2020 - 02:38
Subject: python3-3.6.8-17.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-16935
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the HTTP URL for this server.

CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
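
A behavioural check that an installed interpreter carries the CVE-2019-16935 fix, as an added example (not part of this advisory or of Python's own test suite). The marker string and the function names are constructed for illustration; the page is rendered in-process through `DocCGIXMLRPCRequestHandler`, so no listener is started.

```python
"""Added example: verify that xmlrpc.server escapes server_title."""
import html
import sys
from xmlrpc.server import DocCGIXMLRPCRequestHandler

# Constructed, inert marker: markup that must never reach the page unescaped.
PROBE = '<i data-probe="axsa">title</i>'


def render_doc_page(title):
    """Render the XML-RPC documentation page without opening a socket."""
    gen = DocCGIXMLRPCRequestHandler()
    gen.set_server_title(title)
    return gen.generate_html_documentation()


def extract_title(page):
    """Return the raw text between <title> and </title>."""
    start = page.index("<title>") + len("<title>")
    end = page.index("</title>", start)
    return page[start:end]


def server_title_is_escaped():
    """True when the marker appears only in HTML-escaped form."""
    page = render_doc_page(PROBE)
    return PROBE not in page and html.escape(PROBE) in page


if __name__ == "__main__":
    fixed = server_title_is_escaped()
    version = sys.version.split()[0]
    print("python %s: server_title escaped = %s" % (version, fixed))
    # Non-zero exit lets a patch-compliance job flag unpatched hosts.
    sys.exit(0 if fixed else 1)
```

Run it with the system `python3` after applying the update; an exit status of 1 means the interpreter still renders the title unescaped.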

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3-3.6.8-17.el7.src.rpm
    MD5: 7fb356ed7c16b289d092fb2a5457cd99
    SHA-256: 9ad984d213969e3876afde68be942e1181ae9e561deec482b23e5671c8c12cb1
    Size: 16.60 MB

Asianux Server 7 for x86_64
  1. python3-3.6.8-17.el7.x86_64.rpm
    MD5: 9f083d1f4529d2b7cbeea334f1dd1676
    SHA-256: 0ab69cda4091e21166b1c777ae0c8f75b8a3ed4ac03b050b3ab6a57fb24e8a48
    Size: 69.02 kB
  2. python3-debug-3.6.8-17.el7.x86_64.rpm
    MD5: 1c59650f775936a40feba901071a91b1
    SHA-256: 60c517e885f68afb095188152e94afb3356348cae52bea3b6c3727584130c9ff
    Size: 2.64 MB
  3. python3-devel-3.6.8-17.el7.x86_64.rpm
    MD5: 5e407ccdb2017b43b02f887a6af28210
    SHA-256: a36237b96bc8d33c514843e338416a7b5a2a9a636a1c3ecf864715a5f56aaa6f
    Size: 215.66 kB
  4. python3-idle-3.6.8-17.el7.x86_64.rpm
    MD5: 1e75793d95ef82b7f948f24c81591b37
    SHA-256: 1d7d0971b0e2d737128eefcf6f6a79b266db2d8b575553538d0554cf3d456c01
    Size: 778.03 kB
  5. python3-libs-3.6.8-17.el7.x86_64.rpm
    MD5: b2ce8f76080dbf1f0088aa8f906dea8c
    SHA-256: 10b560ccdc3efaaa4a93e072fdf38f895655d0ddc872d1879afd339d0307d158
    Size: 6.95 MB
  6. python3-test-3.6.8-17.el7.x86_64.rpm
    MD5: dfeabb3449372f8b8eb4217e61afcedc
    SHA-256: 9b39091acbff3b466031a07005475ccf4cfe3c8f6c2144de6d3c5c1e35cc91a1
    Size: 7.24 MB
  7. python3-tkinter-3.6.8-17.el7.x86_64.rpm
    MD5: 9dcdfd9b4c1b725e161c70bd37541bd7
    SHA-256: d00e6a89f098f5f2b0274f82457ad63c0b53ca7a24c9b2c6e77b8d5e0673dc37
    Size: 364.41 kB
  8. python3-3.6.8-17.el7.i686.rpm
    MD5: a7f0e231ca724d6f9b5dc274070e940b
    SHA-256: aaee4fa139d217f052153081a6959703f4e9a20a9fe4cb89867e92b3c4692fdb
    Size: 69.08 kB
  9. python3-debug-3.6.8-17.el7.i686.rpm
    MD5: 1d359dcf13729def4289ef494939af7b
    SHA-256: c7714a5b0e0083b32f4904d2444be2e5937362a919560d4e56fd778c131a9fc1
    Size: 2.42 MB
  10. python3-devel-3.6.8-17.el7.i686.rpm
    MD5: 5558cf5cce4ed364b4d6c3cf485dab51
    SHA-256: 814592ff0c2859912cd1367c82f32929ed84bacc193ad675c0e4c3c777eed2c0
    Size: 215.85 kB
  11. python3-idle-3.6.8-17.el7.i686.rpm
    MD5: bbafd68f49936990f9f10fca588ee9dc
    SHA-256: 00c0f38637f93d1c46513472ef20cf94d4b43b6a1c52f8732f64e8613406737c
    Size: 778.04 kB
  12. python3-libs-3.6.8-17.el7.i686.rpm
    MD5: 3f8bec91a11bca45f938418a5046c33c
    SHA-256: 3279fc770281c5ed3703c1378e441e4a1d00b693486096620155b021887a3b62
    Size: 6.85 MB
  13. python3-test-3.6.8-17.el7.i686.rpm
    MD5: 36857e13354d6111cfaaf64ae63e921f
    SHA-256: 4af098390a10af2622e6450e4695e3632041e950cc93989b924d8d47d11cbb83
    Size: 7.24 MB
  14. python3-tkinter-3.6.8-17.el7.i686.rpm
    MD5: 3d43bddd73d0fe861785f33a92a1a022
    SHA-256: 3b5145ce16c868353adf186a5db3c933c8dbb661bbb36cdfb965b205240bc73f
    Size: 364.39 kB