132 matches found

Tenable Nessus
added 2014/03/07 12:0 a.m. | 39 views

SuSE 11.3 Security Update : python (SAT Patch Number 8892)

This update for Python fixes the following security issues:
- SSL module does not handle certificates that contain hostnames with NULL bytes. CVE-2013-4238. bnc834601
- Various stdlib read flaws. CVE-2013-1752

Additionally, the following non-security issues have been fixed: bnc856836 - Turn off...

CVSS 6.8 | AI score 7.3 | EPSS 0.02834
Exploits 1 | References 10

seebug.org
added 2013/12/30 12:0 a.m. | 133 views

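Python Multiple Security Vulnerabilities

CVE ID: CVE-2013-1752, CVE-2013-4238. Python is an open-source scripting language. Python contains multiple security vulnerabilities that allow remote attackers to conduct spoofing attacks and denial-of-service attacks. 1. The Python SSL module does not correctly handle null bytes in "subjectAltNames" general names in a server SSL certificate, allowing an attacker to spoof a server through a man-in-the-middle attack and obtain sensitive information. 2. Unrestricted calls to "readline" in Lib/httplib.py can consume large amounts of memory, causing a denial of service. 3. Unrestricted calls to "readline" in Lib/ftplib.py can consume large amounts of memory, causing a denial of service...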

CVSS 4.3 | AI score 8.3 | EPSS 0.01382
Exploits 1

RedHat Linux
added 2013/11/21 4:40 a.m. | 107 views

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 7.5 | AI score 7.4 | EPSS 0.0813
Exploits 27 | References 11

OpenVAS
added 2013/11/21 12:0 a.m. | 43 views

RedHat Update for python RHSA-2013:1582-02

The remote host is missing an update for the...

CVSS 4.3 | AI score 8 | EPSS 0.01382
Exploits 1 | References 2

Tenable Nessus
added 2013/11/21 12:0 a.m. | 43 views

RHEL 6 : python (RHSA-2013:1582)

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 4.3 | AI score 7.3 | EPSS 0.01382
Exploits 1 | References 4

RedHat Linux
added 2013/11/20 4:37 p.m. | 56 views

Moderate: Red Hat Security Advisory: python security, bug fix, and enhancement update

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 4.3 | AI score 6.8 | EPSS 0.01382
Exploits 1 | References 13

Tenable Nessus
added 2013/11/14 12:0 a.m. | 39 views

Amazon Linux AMI : python26 (ALAS-2013-241)

It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. CVE-2013-1752...

CVSS 6.8 | AI score 7.5 | EPSS 0.01855
Exploits 5 | References 3

Mageia
added 2013/09/24 9:41 p.m. | 36 views

Updated polarssl package fixes security vulnerabilities

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and...

CVSS 4.3 | AI score 3.3 | EPSS 0.00943
Exploits 1 | References 7

Tenable Nessus
added 2013/09/11 12:0 a.m. | 21 views

Mandriva Linux Security Advisory : bzr (MDVSA-2013:229)

Updated bzr packages fix security vulnerabilities: A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate with its...

CVSS 4.3 | AI score 7.2 | EPSS 0.02979
Exploits 0 | References 2

Amazon
added 2013/09/04 12:0 a.m. | 49 views

Medium: python27

Issue Overview: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafte...

CVSS 6.8 | AI score 8 | EPSS 0.01855
Exploits 5

seebug.org
added 2013/08/27 12:0 a.m. | 32 views

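PHP SSL Module "subjectAltNames" Null Byte Handling Security Bypass Vulnerability

Bugtraq ID: 61776. PHP is an HTML-embedded scripting language. The PHP SSL module does not correctly handle null bytes in "subjectAltNames" general names in a server SSL certificate, allowing an attacker to exploit the flaw to conduct man-in-the-middle attacks and obtain sensitive information. 0 PHP 5.3.27 PHP 5.4.17 PHP 5.5.1 Vendor solution: users can refer to the following vendor-provided security patch to fix this vulnerability: http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755...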

AI score 7.1
Exploits 0

Mageia
added 2013/08/22 5:58 p.m. | 47 views

Updated python3, bzr and some python packages fix security vulnerabilities

Updated python3 packages fix security vulnerabilities: A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate with it...

CVSS 4.3 | AI score 0.9 | EPSS 0.02979
Exploits 1 | References 6

Tenable Nessus
added 2013/08/22 12:0 a.m. | 31 views

Mandriva Linux Security Advisory : python (MDVSA-2013:214)

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...

CVSS 4.3 | AI score 7.3 | EPSS 0.01382
Exploits 1 | References 2

NVD
added 2013/08/18 2:52 a.m. | 27 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3 | AI score 6.3 | EPSS 0.01382
Exploits 1 | References 15

Prion
added 2013/08/18 2:52 a.m. | 31 views

Design/Logic Flaw

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3 | AI score 8.9 | EPSS 0.01855
Exploits 5 | References 15 | Affected Software 3

Cvelist
added 2013/08/18 1:0 a.m. | 32 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

AI score 6.4 | EPSS 0.01382
Exploits 1 | References 15

OSV
added 2013/08/18 1:0 a.m. | 7 views

PSF-2013-2 ssl: NULL in subjectAltNames

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3 | AI score 5.9 | EPSS 0.01382
Exploits 1 | References 1

Debian CVE
added 2013/08/18 1:0 a.m. | 35 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3 | AI score 8.3 | EPSS 0.01382
Exploits 1

CVE
added 2013/08/18 1:0 a.m. | 280 views

CVE-2013-4238

CVE-2013-4238 concerns the Python ssl.match_hostname handling of NULL characters in a domain name within the SAN of an X.509 certificate. Public sources in the initial and connected documents confirm that this flaw could enable MITM spoofing of SSL servers when certificates from trusted CAs are u...

CVSS 4.3 | AI score 6.2 | EPSS 0.01382
Exploits 1 | References 15 | Affected Software 1

OSV
added 2013/08/17 8:43 a.m. | 7 views

MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...

CVSS 4.3 | AI score 6.7 | EPSS 0.01382
Exploits 1 | References 4