Уязвимость CVE-2019-5010: Информация
Описание
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
python | sisyphus | 2.7.16-alt1 | 2.7.18-alt11 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python | p10 | 2.7.16-alt1 | 2.7.18-alt10 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python | p9 | 2.7.16-alt1 | 2.7.16-alt1.M90P.2 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python | c10f1 | 2.7.16-alt1 | 2.7.18-alt10 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python | c9f2 | 2.7.16-alt1 | 2.7.18-alt0.MC9.1 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python | p11 | 2.7.16-alt1 | 2.7.18-alt11 | ALT-PU-2019-1565-1 | 226365 | Исправлено |
python3 | sisyphus | 3.6.8-alt1 | 3.12.2-alt1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
python3 | p10 | 3.6.8-alt1 | 3.9.18-alt1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
python3 | p9 | 3.6.8-alt1 | 3.7.17-alt1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
python3 | c10f1 | 3.6.8-alt1 | 3.9.18-alt0.c10f1.1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
python3 | c9f2 | 3.6.8-alt1 | 3.7.17-alt1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
python3 | p11 | 3.6.8-alt1 | 3.12.2-alt1 | ALT-PU-2019-1149-1 | 220164 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758 |
|
RHSA-2019:3520 |
|
RHSA-2019:3725 |
|
openSUSE-SU-2020:0086 |
|
GLSA-202003-26 |
|
[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update |
|
[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update |
|
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image |