rh-python35-python-3.5.1-9.el7
エラータID: AXSA:2016-629:01
Release date:
Friday, August 19, 2016 - 00:23
Subject:
rh-python35-python-3.5.1-9.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
Python 3 is a new version of the language that is incompatible with the 2.x
line of releases. The language is mostly the same, but many details, especially
how built-in objects like dictionaries and strings work, have changed
considerably, and a lot of deprecated features have finally been removed.
Security issues fixed with this release:
CVE-2016-1000110
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2016-1000110
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Additional Info:
N/A
Download:
SRPMS
- rh-python35-python-3.5.1-9.el7.src.rpm
MD5: 89f70d469ff232987d8d3a4ab709e11f
SHA-256: 7ca93ea475ea1b6201ff5a836e85e75ae14034b474494619f725026f0d202fc3
Size: 14.26 MB
Asianux Server 7 for x86_64
- rh-python35-python-3.5.1-9.el7.x86_64.rpm
MD5: 5ffbc8b17d90ab637e48c2b63042e52f
SHA-256: abee48c8847cf11cad8d3cc4d4b72067c7d18abf9bf2ba0646acc336bcf7701f
Size: 51.98 kB - rh-python35-python-debug-3.5.1-9.el7.x86_64.rpm
MD5: 203b7498b10762ebde2db36e27eb5f43
SHA-256: ff24ba658d319c1912a324a74b67175d2784ecd6b924835b7c544491d43bbfbc
Size: 2.50 MB - rh-python35-python-devel-3.5.1-9.el7.x86_64.rpm
MD5: 6706ca6ed38e05be438cce9529caca4a
SHA-256: 232051f3f444dfa51c06caca2b8f3296b9d484032a24691cc1d87f5283aa19f5
Size: 193.17 kB - rh-python35-python-libs-3.5.1-9.el7.x86_64.rpm
MD5: ad77ce40b2ab5128d4f0539d2c5e3092
SHA-256: ff025370f99dca00f7ce1676e5113ae146f9405e58dc66cb2d28cb8b015aa801
Size: 7.38 MB - rh-python35-python-test-3.5.1-9.el7.x86_64.rpm
MD5: c5eaf9aa6f68e1ade6416e87c9968534
SHA-256: 44ceaf93ae28b295e6c393e0107d3970b87fb2d1a4a922a23202bc2b012d0347
Size: 6.87 MB - rh-python35-python-tkinter-3.5.1-9.el7.x86_64.rpm
MD5: 59ddb54117e0d034dcbec23285646101
SHA-256: f11f25675ecb718ff0e15ba5fade4a8bfa17414650e12443f5ac6ac80152e978
Size: 351.00 kB - rh-python35-python-tools-3.5.1-9.el7.x86_64.rpm
MD5: 23ca300cf010345af6ea77e91113aa71
SHA-256: ccc3ee5a3fec8dc0216c05d5e16403cc44d406931b913bf562036ce4754c58d9
Size: 426.63 kB