(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update

ID RHSA-2013:1582
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:26


Python is an interpreted, interactive, object-oriented programming language.

A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)

These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement.