python, tkinter security update

2013-11-26T13:32:42
ID CESA-2013:1582
Type centos
Reporter CentOS Project
Modified 2013-11-26T13:32:42

Description

CentOS Errata and Security Advisory CESA-2013:1582

Python is an interpreted, interactive, object-oriented programming language.

A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)

These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2013-November/001056.html

Affected packages: python python-devel python-libs python-test python-tools tkinter

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-1582.html