ELSA-2017-1868

ELSA-2017-1868 - python security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2017-08-07

Description

[2.7.5-58.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]

[2.7.5-58]
- Set stream to None in case an _open() fails.
Resolves: rhbz#1432003

[2.7.5-57]
- Fix implicit declaration warnings of functions added by patches 147 and 265
Resolves: rhbz#1441237

[2.7.5-56]
- Fix shutil.make_archive ignoring empty directories when creating zip files
Resolves: rhbz#1439734

[2.7.5-55]
- Update Python RPM macros with new ones from EPEL7 to simplify packaging
Resolves: rhbz#1297522

[2.7.5-54]
- Protect key list during fork()
Resolves: rhbz#1268226

[2.7.5-53]
- Fix _ssl.c reference leaks
Resolves: rhbz#1272562

[2.7.5-52]
- Workaround Python's threading library issue with non returning wait, for signals with timeout
Resolves: rhbz#1368076

[2.7.5-51]
- Enable certificate verification by default
Resolves: rhbz#1219110

[2.7.5-50]
- Fix incorrect parsing of certain regular expressions
Resolves: rhbz#1373363

[2.7.5-49]
- Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs
Resolves: rhbz#1364444

[2.7.5-48]
- Fix for CVE-2016-1000110 HTTPoxy attack
Resolves: rhbz#1359164

[2.7.5-47]
- Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data()
Resolves: rhbz#1356364

[2.7.5-46]
- Drop patch 221 that backported sslwrap function since it was introducing regressions
- Refactor patch 227
Resolves: rhbz#1331425

[2.7.5-45]
- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)
Raise an error when STARTTLS fails (upstream patch)
- Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699)
Disabled HTTP header injections in httplib (upstream patch)
Resolves: rhbz#1346357

[2.7.5-44]
- Fix iteration over files with very long lines
Resolves: rhbz#1271760

[2.7.5-43]
- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/
Resolves: rhbz#1288426

[2.7.5-42]
- JSON decoder lone surrogates fix
Resolves: rhbz#1301017

[2.7.5-41]
- Updated PEP493 implementation
Resolves: rhbz#1315758

[2.7.5-40]
- Backport of Computed Goto dispatch
Resolves: rhbz#1289277

Related CVEs

CVE-2014-9365

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	python-2.7.5-58.0.1.el7.src.rpm	673259dff2d99880c2dc8834e044abd2	ELSA-2021-9107
	python-2.7.5-58.0.1.el7.aarch64.rpm	a90621fa298b8f56adcfc2034c36551a	ELSA-2021-9107
	python-debug-2.7.5-58.0.1.el7.aarch64.rpm	c55feaa740c1626403f591999dd1c639	ELSA-2021-9107
	python-devel-2.7.5-58.0.1.el7.aarch64.rpm	e7f8d1e8596fb13f59d3709438503cd8	ELSA-2021-9107
	python-libs-2.7.5-58.0.1.el7.aarch64.rpm	69228b3c4f2cfd61a78e6b4aaf617a34	ELSA-2021-9107
	python-test-2.7.5-58.0.1.el7.aarch64.rpm	8e7bb27d9379f35d28ba5e247ca37dba	ELSA-2021-9107
	python-tools-2.7.5-58.0.1.el7.aarch64.rpm	03dc4663b7b6971b3a30628f2711e005	ELSA-2021-9107
	tkinter-2.7.5-58.0.1.el7.aarch64.rpm	a4133c887d8f96bb42daa9219899beab	ELSA-2021-9107
Oracle Linux 7 (x86_64)	python-2.7.5-58.0.1.el7.src.rpm	673259dff2d99880c2dc8834e044abd2	ELSA-2021-9107
	python-2.7.5-58.0.1.el7.x86_64.rpm	045c967a662bbac0025334f4c9b79554	ELSA-2021-9107
	python-debug-2.7.5-58.0.1.el7.x86_64.rpm	adcf8a3a5a3a7cf884fe922f20f95d1a	ELSA-2021-9107
	python-devel-2.7.5-58.0.1.el7.x86_64.rpm	2a0951b1a9aa947d5a50a1b216094844	ELSA-2021-9107
	python-libs-2.7.5-58.0.1.el7.i686.rpm	3ad425cbeec802986fdb70e5f3587f65	ELSA-2021-9107
	python-libs-2.7.5-58.0.1.el7.x86_64.rpm	d171b7eab5699c1974e61ac2da09d720	ELSA-2021-9107
	python-test-2.7.5-58.0.1.el7.x86_64.rpm	f76fd841dbb1d1e533678248a1ee0dcd	ELSA-2021-9107
	python-tools-2.7.5-58.0.1.el7.x86_64.rpm	45fb73e843471bc5989521fcfb63fad3	ELSA-2021-9107
	tkinter-2.7.5-58.0.1.el7.x86_64.rpm	12d037a7a4edd0a7b93c49d3e36b5155	ELSA-2021-9107

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team