python33-python-3.3.2-18.AXS4
エラータID: AXSA:2016-628:01
Release date:
Friday, August 19, 2016 - 00:11
Subject:
python33-python-3.3.2-18.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Severity:
Moderate
Description:
Python 3 is a new version of the language that is incompatible with the 2.x
line of releases. The language is mostly the same, but many details, especially
how built-in objects like dictionaries and strings work, have changed
considerably, and a lot of deprecated features have finally been removed.
Security issues fixed with this release:
CVE-2016-1000110
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2016-1000110
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Additional Info:
N/A
Download:
SRPMS
- python33-python-3.3.2-18.AXS4.src.rpm
MD5: 761301d43ed76486fceb10aceef7f2ab
SHA-256: 9b21f49e335e98705691ee5a88c0eba68dcd5bf12afcd9405831f90ce09fb788
Size: 11.41 MB
Asianux Server 4 for x86_64
- python33-python-3.3.2-18.AXS4.x86_64.rpm
MD5: 322a6b003380d6ad860575ec66b2a140
SHA-256: 154aebcbf9fe2fdc941b03ddf58a2bec9e3c994225e1ecd87595b1023d08d78c
Size: 42.89 kB - python33-python-debug-3.3.2-18.AXS4.x86_64.rpm
MD5: c9d6bcd3b66028a5318887b5941e99b6
SHA-256: 25a7aa6906b3b5a8c4909621f44986a08c518f64dc647260ff7c6a9f0cbc86c8
Size: 2.08 MB - python33-python-devel-3.3.2-18.AXS4.x86_64.rpm
MD5: 3bbaaa8e084f1d20a3e461002d4680f1
SHA-256: dbae6270b43d37c4576a039bd1d8ce2e98607a88bc7fd079abf79f7ee4e61569
Size: 174.47 kB - python33-python-libs-3.3.2-18.AXS4.x86_64.rpm
MD5: 9b04ed4604daf5470b2cfe726202847a
SHA-256: cea0585300511481e1d461026f565ed68b837a721d8d32cf0d9a8822b7220cd3
Size: 6.24 MB - python33-python-test-3.3.2-18.AXS4.x86_64.rpm
MD5: 1125fd8a85d6ee0fb9b2ceb8d9714272
SHA-256: 6f9d304531677ba6602d22c88bdfb83904260ac3de738aa8e75aa8421b457ac4
Size: 5.31 MB - python33-python-tkinter-3.3.2-18.AXS4.x86_64.rpm
MD5: 505a3e5bbe115c1b317f7e997d514eea
SHA-256: 8d80f2a56a5dbe7f654919406f5cde0acc26e85ee5bdf03a678617c440731bab
Size: 339.04 kB - python33-python-tools-3.3.2-18.AXS4.x86_64.rpm
MD5: 0c4dbdc1cf96c4459faccdb92042289c
SHA-256: 295763af5c6a404b68c007c8f45ec28e43c644d7d095bc6b27d36cc0584448b7
Size: 432.57 kB