RedHat: RHSA-2017:0936
History: Apr 12, 2017 - 1:36 p.m.

(RHSA-2017:0936) Moderate: python-defusedxml and python-pysaml2 security update

2017-04-12 13:36:06
access.redhat.com
EPSS: 0.003 (percentile: 70.5%)

The defusedxml package contains several Python-only updates for security vulnerabilities in Python’s XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieval issues.

PySAML2 is the Python implementation of SAML Version 2, containing all the functionality for building a SAML2 service provider or an identity provider, to be used in a WSGI environment.

Security Fix(es):

  • An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion. (CVE-2016-10149)
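
The following is an added example, not code from the advisory, defusedxml, or pysaml2: it shows the kind of check that stops entity expansion, using only the standard library's expat hooks to refuse any document that declares a DTD or an entity before a tree is built. The names `safe_fromstring`, `ForbiddenXML` and `is_rejected` and the sample documents are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document declares a DTD or an entity (hypothetical name)."""


def _reject_doctype(name, *rest):
    raise ForbiddenXML(f"DOCTYPE not allowed: {name}")


def _reject_entity(name, *rest):
    raise ForbiddenXML(f"entity declaration not allowed: {name}")


def safe_fromstring(data: bytes, forbid_dtd: bool = True) -> ET.Element:
    """Screen the input with expat hooks, then build the tree if it is clean."""
    screen = expat.ParserCreate()
    if forbid_dtd:
        screen.StartDoctypeDeclHandler = _reject_doctype
    # Declaration handlers fire inside the DTD, before any reference in the
    # document body is expanded, so parsing stops before memory is consumed.
    screen.EntityDeclHandler = _reject_entity
    screen.UnparsedEntityDeclHandler = _reject_entity
    screen.Parse(data, True)
    return ET.fromstring(data)


def is_rejected(data: bytes, **kwargs) -> bool:
    """True if the screening step refused the document."""
    try:
        safe_fromstring(data, **kwargs)
    except ForbiddenXML:
        return True
    return False


# Constructed samples: a plain message, a tiny two-level entity chain
# (expands to 16 characters), and a document with a bare DOCTYPE.
BENIGN = b"<Response><Issuer>idp.example</Issuer></Response>"
NESTED = b"""<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "aaaa">
  <!ENTITY b "&a;&a;&a;&a;">
]>
<r>&b;</r>"""
DTD_ONLY = b"<!DOCTYPE r><r>ok</r>"

if __name__ == "__main__":
    print(len(ET.fromstring(NESTED).text))  # the stock parser expands entities
    print(is_rejected(NESTED), is_rejected(BENIGN))
```
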