Moderate CentOS python Update

Metadata

medium
4.3
python-2.6.6-51.el6.i686.rpm, python-2.6.6-51.el6.src.rpm, python-2.6.6-51.el6.x86_64.rpm, python-devel-2.6.6-51.el6.i686.rpm, python-devel-2.6.6-51.el6.x86_64.rpm, python-libs-2.6.6-51.el6.i686.rpm, python-libs-2.6.6-51.el6.x86_64.rpm, python-test-2.6.6-51.el6.i686.rpm, python-test-2.6.6-51.el6.x86_64.rpm, python-tools-2.6.6-51.el6.i686.rpm, python-tools-2.6.6-51.el6.x86_64.rpm, tkinter-2.6.6-51.el6.i686.rpm, tkinter-2.6.6-51.el6.x86_64.rpm
CVE-2013-4238
rhn.redhat.com, lists.centos.org
2013-11-26
2017-07-27 19:06
ALAS-2013-220
ALAS-2013-241
CVE-2013-4238 python2.7
CVE-2013-4238 python2.6
CVE-2013-4238 python3.2
CVE-2013-4238
2017-04-01 19:07
2017-01-05 20:11

Description


Updated python packages that fix one security issue, several bugs, and add
one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.


Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the way the Python SSL module handled X.509 certificate
fields that contain a NULL byte. An attacker could potentially exploit this
flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that
to exploit this issue, an attacker would need to obtain a carefully crafted
certificate signed by an authority that the client trusts. (CVE-2013-4238)
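
As an added illustration (not code from this advisory, from Red Hat, or from Python's ssl module), the sketch below models the class of flaw described above: a name check that reads a certificate field as a NUL-terminated string, next to a check that rejects embedded NUL bytes and compares the full-length value. The function names and the sample names are constructed for this example.

```python
# Simplified model of NUL-byte truncation in certificate name checks.
# Assumption: this is an illustration only, not CPython's actual ssl code.

def c_string_view(raw: bytes) -> bytes:
    """Model a C-string read: everything after the first NUL byte is lost."""
    return raw.split(b"\x00", 1)[0]

def naive_match(cert_name: bytes, expected_host: str) -> bool:
    """Flawed check: compares only the truncated, C-string view of the name."""
    return c_string_view(cert_name).lower() == expected_host.encode("ascii").lower()

def strict_match(cert_name: bytes, expected_host: str) -> bool:
    """Hardened check: reject embedded NULs, then compare the full-length value."""
    if b"\x00" in cert_name:
        return False
    return cert_name.lower() == expected_host.encode("ascii").lower()

def audit_names(cert_names, expected_host):
    """Return (name, naive_result, strict_result) for every certificate name."""
    return [(n, naive_match(n, expected_host), strict_match(n, expected_host))
            for n in cert_names]

# Constructed sample names; example.com and example.net are reserved
# documentation domains.
SAMPLE_NAMES = [
    b"www.example.com",                  # legitimate name
    b"www.example.com\x00.example.net",  # field with an embedded NUL byte
    b"other.example.com",                # unrelated name
]

if __name__ == "__main__":
    for name, naive, strict in audit_names(SAMPLE_NAMES, "www.example.com"):
        flag = "  <-- accepted only because of truncation" if naive and not strict else ""
        print(f"{name!r:40} naive={naive} strict={strict}{flag}")
```

Any name on which the two checks disagree is one that a truncating comparison would accept even though the certificate was issued for a different full-length value.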

These updated python packages include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of python are advised to upgrade to these updated packages, which
fix these issues and add this enhancement.

Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.


Affected package information

Release  Package       Patched in
6        python        python-2.6.6-51.el6.i686.rpm
6        python        python-2.6.6-51.el6.src.rpm
6        python        python-2.6.6-51.el6.x86_64.rpm
6        python-devel  python-devel-2.6.6-51.el6.i686.rpm
6        python-devel  python-devel-2.6.6-51.el6.x86_64.rpm
6        python-libs   python-libs-2.6.6-51.el6.i686.rpm
6        python-libs   python-libs-2.6.6-51.el6.x86_64.rpm
6        python-test   python-test-2.6.6-51.el6.i686.rpm
6        python-test   python-test-2.6.6-51.el6.x86_64.rpm
6        python-tools  python-tools-2.6.6-51.el6.i686.rpm
6        python-tools  python-tools-2.6.6-51.el6.x86_64.rpm
6        tkinter       tkinter-2.6.6-51.el6.i686.rpm
6        tkinter       tkinter-2.6.6-51.el6.x86_64.rpm