CentOS Errata and Security Advisory CESA-2013:1582
Python is an interpreted, interactive, object-oriented programming language.
A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)
These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.
All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2013-November/001056.html
Affected packages: python python-devel python-libs python-test python-tools tkinter
Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-1582.html