エラータID: AXSA:2018-3246:03

Release date: 
Tuesday, July 10, 2018 - 16:40
Affected Channels: 
Asianux Server 7 for x86_64

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.

Asianux would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters.

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.


Update packages.

Additional Info: 



  1. python-2.7.5-69.0.1.el7.AXS7.src.rpm
    MD5: c2006917fc92cfd52a9fa247d38426d4
    SHA-256: 0f7f3be43ad4fbc9e3da7160c05ba111b8eff3b5892a51ecc1cb338a152327a1
    Size: 10.19 MB

Asianux Server 7 for x86_64
  1. python-2.7.5-69.0.1.el7.AXS7.x86_64.rpm
    MD5: fe45afdbcb802f9248ea6df973f1d78d
    SHA-256: 0904de4d10a11a9f171f6a096b8285d0314f78abee7359d68e825d1d175a962a
    Size: 92.30 kB
  2. python-devel-2.7.5-69.0.1.el7.AXS7.x86_64.rpm
    MD5: 50d070d6f7974f341f26710cd0e636d6
    SHA-256: 6a617d366a9dd73e32c0842d056a351becf94407330bf34d71cc0c850a08272d
    Size: 396.06 kB
  3. python-libs-2.7.5-69.0.1.el7.AXS7.x86_64.rpm
    MD5: b58270798a68d88219398adc597cdcef
    SHA-256: c43a556f4eccc08aeda407d9a9e2c17aa51f0ca13f3da5d6d811a80225f8b54a
    Size: 5.64 MB
  4. python-libs-2.7.5-69.0.1.el7.AXS7.i686.rpm
    MD5: 7a4826164778249c48663829162632a7
    SHA-256: 0f4e3bb79248c5f78c007ed4fb34fdb05c96032527b9dbc64d2f7e108d59228d
    Size: 5.59 MB